Andy Edwards

Results 3 issues of Andy Edwards

https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307 has been raised for a ReDoS vulnerability, along with [CVE-2021-23346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23346). The vulnerability is at https://github.com/rayd/html-parse-stringify2/blob/dbf026f9010a14167e5a9e8589464f660233e446/lib/parse.js#L2. There is a recent [fix](https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12) in the original repo this was forked from. Could...

`[email protected]` hard codes exactly dependency `[email protected]`, which contains [CVE-2024-55565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565). This PR bumps the version to 3.3.8 and changes to pick up minor and patch releases of `nanoid@3`. I've also tried...

The latest version of `democracy` (4.0.0) hard-codes the version of `nanoid` to exactly 3.3.7 [here](https://github.com/goldfire/democracy.js/blob/v4.0.0/package.json#L28). This version is vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55565 and is fixed in version 3.3.8. I've created https://github.com/goldfire/democracy.js/pull/21...