Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

a vulnerability CVE-2020-7598 is introduced in css-modules-flow-types-cli #68

Open
ayaka-kms opened this issue Aug 13, 2021 · 1 comment
Open

a vulnerability CVE-2020-7598 is introduced in css-modules-flow-types-cli #68

ayaka-kms opened this issue Aug 13, 2021 · 1 comment

Comments

@ayaka-kms
Copy link

ayaka-kms commented Aug 13, 2021
edited
Loading

Hi, a vulnerability CVE-2021-23382 is introduced in css-modules-flow-types-cli via:
[email protected][email protected][email protected]

css-modules-loader-core is a legacy package. It has not been maintained for about 4 years, and is not likely to be updated.
Is it possible to migrate css-modules-loader-core to other package to remediate this vulnerability?

I noticed several migration records for css-modules-loader-core in other js repos, such as

  1. in postcss-modules, version 2.0.0 ➔ 3.0.0, remove css-modules-loader-core via commit
  2. in broccoli-css-modules, version 0.5.0 ➔ 0.5.1, remove css-modules-loader-core via commit

Are there any efforts planned that would remediate this vulnerability or migrate css-modules-loader-core?

Thanks
; )
@skovhus
Copy link
Owner

skovhus commented Aug 13, 2021

Thanks for reporting this.

I'm not actively maintaining this repository, but contributions are more than welcome.

Do you have energy to look into this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@skovhus @ayaka-kms