avh4/elm-format

Critical severity vulnerability - json-schema (via binwrap)

sporto opened this issue · 1 comments

This package uses binwrap 0.2.3

Which depends on request 2.88.0
https://github.com/avh4/binwrap/blob/main/package.json#L42

Which depends on form-data 2.3.3
https://github.com/request/request/blob/master/package.json#L36

Which depends on json-schema 0.2.3

json-schema 0.2.3 has a critical vulnerability:
GHSA-896r-f27r-55mw

It would be great if this dependecy could be changed.

avh4 commented

The next release (0.8.6) will have no external npm dependencies, thanks to #781.