sanity
fix(CVE-2024-53382): refractor upgrade
Description
Addresses CVE-2024-53382.
prism is a sub-dependency of refractor (from react-refractor).
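As an added example (not code from the sanity repository or from this PR), the following Node script walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3) and reports every path from the project root to a named transitive package, so a reviewer can see which direct dependency pulls in prism and whether a second, nested copy is installed. The lockfile object, the version numbers in it and the function names are constructed for this example; it does not assert anything about which prism versions are affected.

```javascript
// Added example: locate a transitive package in a package-lock.json `packages` map.
// The lockfile below is CONSTRUCTED for illustration; versions are placeholders.
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'react-refractor': '^3.0.0', 'other-lib': '^1.0.0' } },
    'node_modules/react-refractor': { version: '3.0.0', dependencies: { refractor: '^4.0.0' } },
    'node_modules/refractor': { version: '4.8.0', dependencies: { prismjs: '~1.27.0' } },
    'node_modules/prismjs': { version: '1.27.0' },
    // other-lib wants a newer prism, so npm nests a second copy under it
    'node_modules/other-lib': { version: '1.0.0', dependencies: { prismjs: '^1.29.0' } },
    'node_modules/other-lib/node_modules/prismjs': { version: '1.29.0' },
  },
};

// Package name is whatever follows the last "node_modules/" (handles @scope/name).
function packageName(key) {
  const i = key.lastIndexOf('node_modules/');
  return key.slice(i + 'node_modules/'.length);
}

// Mimic Node's resolution: look for <from>/node_modules/<dep>, then walk up one
// node_modules level at a time until the top-level node_modules is reached.
function resolveDep(packages, fromKey, depName) {
  let base = fromKey;
  for (;;) {
    const candidate = base === '' ? `node_modules/${depName}` : `${base}/node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (base === '') return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Return every root -> ... -> target path as arrays of "name@version" labels.
function dependencyPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const walk = (key, path, seen) => {
    const entry = packages[key];
    if (!entry) return;
    const label = key === '' ? (lock.name || '<root>') : `${packageName(key)}@${entry.version}`;
    const nextPath = [...path, label];
    if (key !== '' && packageName(key) === target) {
      results.push(nextPath);
      return;
    }
    const deps = {
      ...(entry.dependencies || {}),
      ...(entry.optionalDependencies || {}),
      ...(key === '' ? entry.devDependencies || {} : {}),
    };
    for (const depName of Object.keys(deps)) {
      const depKey = resolveDep(packages, key, depName);
      if (depKey && !seen.has(depKey)) walk(depKey, nextPath, new Set([...seen, depKey]));
    }
  };
  walk('', [], new Set(['']));
  return results;
}

// Sorted, de-duplicated list of direct dependencies that lead to the target.
function directDependentsOf(lock, target) {
  const names = dependencyPaths(lock, target).map((p) => p[1].replace(/@[^@]*$/, ''));
  return [...new Set(names)].sort();
}

// Stand-alone usage: print each path, one per line.
for (const p of dependencyPaths(sampleLock, 'prismjs')) console.log(p.join(' -> '));
```

Running it against a real lockfile only needs `JSON.parse(fs.readFileSync('package-lock.json'))` in place of `sampleLock`; when a bump such as this PR's lands, re-running confirms that every path ends at the intended version and that no nested older copy remains.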
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| | refractor@4.9.0 | | | | | |
Hi @chuttam Just dropping in to make sure that this doesn't linger and that you know that I've had a look at this!
Refractor says that it’s not a high vulnerability from their side, but with that being said, I just wanted to say that we are discussing how to handle the bumping of versions and this has not been forgotten!
Thank you for doing this! I'll return once I have more news!
Hi @RitaDias .. just swinging by to see if there's any movement here.
I acknowledge that it's not a severe issue. We run a 3rd party "vendor compliance" tool, and it constantly pings if items haven't been actioned within a certain time 🙄
Thanks!
Hi @chuttam
Sorry for the delay and for the ongoing annoyance, we have movement and there are discussions internally on the process to resolve it :)
@RitaDias Lovely! Thanks for handling in such a timely manner. We'll bump to the upcoming release just as soon as it's out.
Resolved via #10068. Closing out this PR.