eleventy-plugin-svg-sprite

Update the svg-sprite dependency in package.json

Open wesley-dean-flexion opened this issue 5 months ago • 0 comments

svg-sprite 2.0.0 has a dependency on lodash.trim 4.5.1, which is subject to a ReDoS vulnerability:

https://github.com/advisories/GHSA-29mw-wpgm-hmr9

svg-sprite 2.0.3 removes this dependency:

https://github.com/svg-sprite/svg-sprite/releases/tag/v2.0.3

The current v2.0.x release is 2.0.4, which also includes several fixes:

https://github.com/svg-sprite/svg-sprite/releases/tag/v2.0.4

wesley-dean-flexion, Aug 27 '24 16:08
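One way to check whether a project that uses the plugin still resolves the versions named in the issue, as an added example that is not part of the original issue or of the plugin's code. It assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit an npm lockfile "packages" map for the two
// conditions the issue names: svg-sprite below 2.0.3, lodash.trim present.
const FIXED = [2, 0, 3]; // svg-sprite release that drops lodash.trim, per the issue

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false;
}

// The package name is whatever follows the last "node_modules/" in the key,
// so nested (non-hoisted) copies are matched as well.
function nameOf(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

function auditLock(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameOf(path);
    if (name === "svg-sprite" && isBelow(entry.version, FIXED)) {
      findings.push({ path, name, version: entry.version, reason: "svg-sprite older than 2.0.3" });
    } else if (name === "lodash.trim") {
      findings.push({ path, name, version: entry.version, reason: "lodash.trim still installed" });
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from the plugin's repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-site", version: "1.0.0" },
    "node_modules/svg-sprite": { version: "2.0.0" },
    "node_modules/lodash.trim": { version: "4.5.1" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

console.log(auditLock(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLock` in place of the sample object.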