Vulnerability in dependency

Open KyleMaas opened this issue 4 years ago • 3 comments

npm audit reports the following:

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    svgo  1.0.0 - 2.3.0
    Depends on vulnerable versions of css-select
    node_modules/svgo
      inline-source  >=6.1.0
      Depends on vulnerable versions of svgo
      node_modules/inline-source
        inline-source-cli  >=2.0.0
        Depends on vulnerable versions of inline-source
        node_modules/inline-source-cli

KyleMaas avatar Jul 03 '21 14:07 KyleMaas

Are there any alternatives to this package? It seems to be abandoned.

vielhuber avatar Apr 16 '22 21:04 vielhuber

You can override the sub dependency yourself like so in your package.json:

  "overrides": {
    "inline-source-cli": {
      "inline-source": "^8.0.2"
    }
  }

paxos avatar Oct 17 '22 05:10 paxos
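
To check whether an override like the one above actually removed the flagged css-what (<5.0.1) from the installed tree, the lockfile can be scanned after `npm install`. This is an added example, not code from the thread or from inline-source; the function names are hypothetical and the two sample lockfiles and their versions are constructed.

```javascript
// Scan the "packages" map of an npm lockfile (lockfileVersion 2 or 3) for
// installed copies of a package that fall below a minimum version.

// Parse "x.y.z" into [x, y, z]. Pre-release/build suffixes are ignored, so
// "5.0.1-rc.1" is treated as 5.0.1 (a simplification of full semver ordering).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Return every install path of `name` whose version is below `minVersion`.
// Nested copies (node_modules/a/node_modules/name) are included, because an
// override that only fixes the hoisted copy leaves those behind.
function findVulnerable(lock, name, minVersion) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith(`/${suffix}`)) &&
      typeof meta.version === 'string' && isBelow(meta.version, minVersion))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfiles (illustrative versions, not taken from the thread).
const lockBefore = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app' },
  'node_modules/inline-source-cli': { version: '2.0.0' },
  'node_modules/css-what': { version: '3.4.2' },
  'node_modules/svgo/node_modules/css-what': { version: '4.0.0' },
} };
const lockAfter = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app' },
  'node_modules/inline-source-cli': { version: '2.0.0' },
  'node_modules/css-what': { version: '6.1.0' },
} };

console.log('before:', findVulnerable(lockBefore, 'css-what', '5.0.1'));
console.log('after: ', findVulnerable(lockAfter, 'css-what', '5.0.1'));
```

For a real project, pass the parsed contents of `package-lock.json` as the first argument.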

@popeindustries could you please update inline-source to the latest version?

XhmikosR avatar Dec 08 '22 19:12 XhmikosR