Hello, Concerning embedded modules, this raises me another question.
Le 20-09-03 à 08 h 54, Xavier a écrit : > serialize-javascript: > - node-compression-webpack-plugin (1.9.1) > - node-copy-webpack-plugin (1.4.0) > - node-uglifyjs-webpack-plugin (1.7.0) A CVE was recently published for serialize-javascript [1], to fix the issue, it must be upgraded to 3.1.0. Can it be possible to broadcast this kind of issue to all packages embedding vulnerable modules? /Nicolas [1] - https://github.com/advisories/GHSA-hxcc-f52p-wc94 -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
