When running a pnpm audit in my workspace, I encountered critical warnings related to happy-dom@15.11.7 VM Context Escape vulnerability on packages using Pigment CSS. This issue arises as a transitive dependency of @wyw-in-js/transform@0.5.5.
The latest release, @wyw-in-js/transform@0.8.0, updates its dependency on happy-dom to 20.0.10, resolving these critical pnpm audit warnings.
Upgrading to this version should eliminate the security alerts and bring the dependency tree in line with the patched version of happy-dom.
GHSA-37j7-fg3j-429f
https://github.com/Anber/wyw-in-js/releases/tag/%40wyw-in-js%2F
When running a pnpm audit in my workspace, I encountered critical warnings related to happy-dom@15.11.7 VM Context Escape vulnerability on packages using Pigment CSS. This issue arises as a transitive dependency of @wyw-in-js/transform@0.5.5.
The latest release, @wyw-in-js/transform@0.8.0, updates its dependency on happy-dom to 20.0.10, resolving these critical pnpm audit warnings.
Upgrading to this version should eliminate the security alerts and bring the dependency tree in line with the patched version of happy-dom.
GHSA-37j7-fg3j-429f
https://github.com/Anber/wyw-in-js/releases/tag/%40wyw-in-js%2F