html-parse-stringify2

New Security Vulnerability is detected in the library CVE-2021-23346

Open pavanjava opened this issue 3 years ago • 3 comments

Hi Team, html-parse-stringify2 is a transitive dependency, the latest version available is 2.0.1, and CVE-2021-23346 has been detected in the latest version. Is this library actively maintained? If yes, is anyone actively looking into it?

pavanjava avatar Apr 02 '21 06:04 pavanjava

Considering the latest publish was nearly half a decade ago, I would suggest you look into the original package which this is a fork of, html-parse-stringify. If you are depending on this transitively through react-i18next, there's already some progress on replacing this package with it here: i18next/react-i18next#1283

SeinopSys avatar Apr 06 '21 01:04 SeinopSys

@SeinopSys: thanks for the clarification, will check react-i18next and html-parse-stringify directly.

pavanjava avatar Apr 06 '21 04:04 pavanjava

@rayd have all of the fixes that were introduced in this fork been merged into the original repository? If so, could you please add a note to the README.md to advise using the original repo instead?

modestfake avatar Apr 12 '21 10:04 modestfake