Bump parse-duration to >=2.1.3
GitHub has the following security advisory for the parse-duration package that this library depends on
https://github.com/advisories/GHSA-hcrg-fc28-fcg5
This package currently depends on parse-duration = ^1.0.0 but the patched version is in ^2.1.3.
Any updates on this one?
Any updates?
We are coming up on SLAs to have this fixed and would love for the fix to be as simple as just bumping this lib version.
Any updates on this, can we please merge it!?
Apologies for the slow response here. I can't simply merge the PR because parse-duration v2 only supports ESM. I'm a little out of the loop on how to support that in our setup, without breaking other users.
I'll close this once the fix is published
Hey guys, you forget to publish new version
Fix is merged, but no new available
6.0.3 is released