a vulnerability CVE-2021-23358 is introduced in @bigcommerce/stencil-cli

Open ayaka-kms opened this issue 4 years ago • 0 comments

Hi, @MaxGenash, a vulnerability CVE-2021-23358 is introduced in @bigcommerce/stencil-cli via:

● @bigcommerce/[email protected][email protected][email protected][email protected]

However, jsonlint is a legacy package, which has not been maintained for about 3 years. Is it possible to migrate jsonlint to another package or remove it to remediate this vulnerability?

I noticed migration records for jsonlint in other JS repos:

● in cfn-include, version 1.0.0 ➔ 1.0.1, remove jsonlint via commit
● in gavel, version 2.1.2 ➔ 2.1.3, migrate jsonlint to json-parse-helpfulerror via commit

Thanks.

ayaka-kms, Aug 14 '21 08:08