mlxprs icon indicating copy to clipboard operation
mlxprs copied to clipboard
verified publisher icon marklogic

Update as many dependencies as possible

Open bshalke opened this issue 3 years ago • 0 comments

There are currently many dependencies that are out of date and have vulnerabilities. We should update as many of these as we can before release. Several of these are critical vulnerabilities:

Critical Prototype Pollution in minimist
Package minimist
Dependency of vscode-debugadapter [dev]
Path vscode-debugadapter > mkdirp > minimist
More info https://github.com/advisories/GHSA-xvch-5gv4-984h

Critical json-schema is vulnerable to Prototype Pollution
Package json-schema
Dependency of request [dev]
Path request > http-signature > jsprim > json-schema
More info https://github.com/advisories/GHSA-896r-f27r-55mw

Critical Prototype pollution in webpack loader-utils
Package loader-utils
Dependency of ts-loader [dev]
Path ts-loader > loader-utils
More info https://github.com/advisories/GHSA-76p3-8jx3-jpfq

bshalke avatar Dec 02 '22 23:12 bshalke