Vulnerability issues in dependant package meow@3.7.0
Opened this issue · 1 comments
Hi,
The current version is using meow@3.7.0 which at the same time is dependant on trim-newlines@1.0.0 is having a High vulnerability issue. It would be nice to bump a new release using meow@10.1.1 to fix that vulnerability.
meow@10.1.1 using trim-newlines@^4.0.2
https://github.com/sindresorhus/meow/blob/main/package.json#L54
High Regular Expression Denial of Service in trim-newlines
Package trim-newlines
Patched in >=3.0.1
Dependency of @wdio/devtools-service [dev]
Path @wdio/devtools-service > speedline > meow > trim-newlines
More info GHSA-7p7h-4mm5-852v
Thanks,
Guido.
Are there any updates regarding this issue? I've also faced with it while installing "@wdio/devtools-service" that is dependant on "speedline" package