package dependency scss-tokenizer flagged unsafe #118

Reference: CVE-2022-25758, "Regular expression denial of service in scss-tokenizer".
Symptom: yarn.lock indicates a dependency on scss-tokenizer: ^0.3.0, triggering a Dependabot warning.
Severity: High, 7.5 / 10
scss-tokenizer current version is 0.4.2.
Impacted packages
Expected outcome: no safety warning for the package.
Is it possible to update this package?

Comments

Yeah, this vulnerability has been promoted from
This scss-tokenizer fork claims to have a fix. 🤞 it will be accepted upstream.
It was merged, now we just need to update the dependency version in sass-graph. @xzyfer would you be able to do it, pretty please? 🙏
Can somebody please provide an ETA on when this can be done?
Fixed in v4.0.1
Thank you very much.
sweet! thank you.
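The issue reports the symptom as seen by Dependabot: the lockfile resolves scss-tokenizer inside the ^0.3.0 range. The Node.js script below is an added example, not code from sass-graph, scss-tokenizer or anyone in this thread. It parses a yarn v1 lockfile, reports every resolved scss-tokenizer entry below 0.4.0 and names the packages that pull each one in, which is what you need to know before deciding whether a direct upgrade or an upstream fix (here, the sass-graph release) resolves the warning. The lockfile text and package names are constructed, and the "below 0.4.0" threshold is an assumption: the issue states that ^0.3.0 is flagged and that 0.4.2 is current, not which older lines are affected.

```javascript
// Added example (not part of the sass-graph or scss-tokenizer projects).
// Assumptions: anything resolved below 0.4.0 is treated as needing review;
// the lockfile below is constructed sample data, not from a real project.

const SAMPLE_LOCKFILE = `# yarn lockfile v1

sass-graph@^2.2.4:
  version "2.2.6"
  resolved "https://registry.example.invalid/sass-graph-2.2.6.tgz"
  dependencies:
    glob "^7.0.0"
    scss-tokenizer "^0.3.0"

"scss-tokenizer@^0.3.0", scss-tokenizer@^0.2.3:
  version "0.3.0"
  resolved "https://registry.example.invalid/scss-tokenizer-0.3.0.tgz"
  dependencies:
    js-base64 "^2.4.3"

scss-tokenizer@^0.4.0:
  version "0.4.2"
  resolved "https://registry.example.invalid/scss-tokenizer-0.4.2.tgz"

some-other-tool@^1.0.0:
  version "1.0.0"
  resolved "https://registry.example.invalid/some-other-tool-1.0.0.tgz"
  dependencies:
    scss-tokenizer "^0.4.0"
`;

const unquote = (s) => s.trim().replace(/^"|"$/g, '');

// Split "pkg@range" on the last "@" so scoped packages ("@scope/pkg@^1.0") keep their name.
function splitSpecifier(spec) {
  const at = spec.lastIndexOf('@');
  return { name: spec.slice(0, at), range: spec.slice(at + 1) };
}

// Parse a yarn v1 lockfile into [{ specifiers, name, version, dependencies }].
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  let inDeps = false;
  for (const raw of text.split('\n')) {
    if (raw.trim() === '' || raw.startsWith('#')) continue;
    if (!raw.startsWith(' ')) {
      // Entry header: comma-separated, optionally quoted specifiers ending in ":".
      const specifiers = raw.slice(0, -1).split(',').map(unquote);
      current = { specifiers, name: splitSpecifier(specifiers[0]).name, version: null, dependencies: {} };
      entries.push(current);
      inDeps = false;
      continue;
    }
    const line = raw.trim();
    if (line === 'dependencies:' || line === 'optionalDependencies:') { inDeps = true; continue; }
    if (inDeps && raw.startsWith('    ')) {
      const m = /^(.+?) "(.+)"$/.exec(line);      // e.g. scss-tokenizer "^0.3.0"
      if (m) current.dependencies[unquote(m[1])] = m[2];
    } else {
      inDeps = false;
      const m = /^version "(.+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// True when "a.b.c" (pre-release suffix ignored) sorts before [maj, min, pat].
function versionBelow(version, [maj, min, pat]) {
  const [a, b, c] = version.split('-')[0].split('.').map(Number);
  return a !== maj ? a < maj : b !== min ? b < min : c < pat;
}

// Report each resolved entry of `pkg` below `fixedIn` and the packages whose range resolves to it.
function findVulnerableTokenizer(lockText, pkg = 'scss-tokenizer', fixedIn = [0, 4, 0]) {
  const entries = parseYarnLock(lockText);
  const findings = [];
  for (const e of entries) {
    if (e.name !== pkg || e.version === null || !versionBelow(e.version, fixedIn)) continue;
    const dependents = entries
      .filter((d) => d.dependencies[pkg] && e.specifiers.includes(`${pkg}@${d.dependencies[pkg]}`))
      .map((d) => `${d.name}@${d.version}`);
    findings.push({ version: e.version, dependents });
  }
  return findings;
}

for (const f of findVulnerableTokenizer(SAMPLE_LOCKFILE)) {
  console.log(`scss-tokenizer ${f.version} is pulled in by: ${f.dependents.join(', ')}`);
}
```

On the constructed sample this reports only the 0.3.0 entry, pulled in by sass-graph, and leaves the 0.4.2 entry used by the other tool alone. Run it against a real yarn.lock by replacing SAMPLE_LOCKFILE with the file's contents; a finding whose dependent is a transitive package means the fix has to come from that package's own release, exactly the situation this issue describes.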