contentful/contentful-import

Request: Replace vulnerable dependency "echo-cli"

Sammii opened this issue · 1 comment

There is a "high severity" security vulnerability in the trim-newlines@^1.0.0 package that is included as a transitive dependency of echo-cli. See: GHSA-7p7h-4mm5-852v

CVE-2021-33623
high severity
Vulnerable versions: < 3.0.1
Patched version: 3.0.1
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Hoisted from contentful-export#echo-cli#meow#trim-newlines

Since the echo-cli package has not been updated in 5 years, it seems to no longer be maintained.

Is it possible to replace this package with something that does not include vulnerable dependencies?


Fixed in contentful-export already (contentful/contentful-export#683), but the same dependency is in this package also! 😢

Hi @Sammii, the dependency is removed in v8.2.19.
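As an added illustration of the vulnerability class the advisory above describes (this is not code from trim-newlines, echo-cli, contentful-export or contentful-import, and the regex shape is an assumption about what an end-anchored newline trim looks like, not a copy of the package): a trailing-newline trim written as `/[\r\n]+$/` is quadratic on a long run of newlines followed by one other character, while a backwards scan with a single slice is linear. `newlineBomb`, `compare` and the timings are constructed for this example.

```javascript
// Added example: regex-based vs loop-based trailing-newline trim.
// Not the code of trim-newlines or any contentful package; the regex is an
// assumed shape for an end-anchored trim of the kind GHSA-7p7h-4mm5-852v covers.

// Vulnerable shape: greedy run of CR/LF anchored to end of string.
function trimEndRegex(s) {
  return s.replace(/[\r\n]+$/, '');
}

// Linear replacement: walk back over trailing CR/LF, then slice once.
function trimEndLoop(s) {
  let end = s.length;
  while (end > 0 && (s[end - 1] === '\r' || s[end - 1] === '\n')) {
    end--;
  }
  return end === s.length ? s : s.slice(0, end);
}

// Constructed attacker input: n newlines followed by a non-newline byte.
// For /[\r\n]+$/ the engine starts at each of the n positions, greedily eats
// the remaining newlines, fails at '$' because of the trailing 'x', then
// backtracks one character at a time. That is about n*n/2 steps in total.
function newlineBomb(n) {
  return '\n'.repeat(n) + 'x';
}

// Wall-clock milliseconds for one call (Node's monotonic clock).
function timeMs(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Time both implementations on the same bomb of size n. The result of each
// trim is the input unchanged, since the string does not end in a newline.
function compare(n) {
  const input = newlineBomb(n);
  return {
    n,
    regexMs: timeMs(trimEndRegex, input),
    loopMs: timeMs(trimEndLoop, input),
  };
}

// Small sizes so the demo stays quick; doubling n roughly quadruples regexMs
// while loopMs stays flat.
for (const n of [2000, 4000, 8000]) {
  console.log(compare(n));
}
```

The useful check before and after upgrading a transitive dependency like this is that the two functions agree on ordinary input (trailing `\r\n` and `\n` stripped, leading newlines kept, empty string unchanged) and that the loop version is unaffected by input length; any tool that still routes CLI text through the regex form remains a DoS sink no matter how small the package is.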