artin/EmulatorJS
1
0
Fork 0
mirror of https://github.com/EmulatorJS/EmulatorJS.git synced 2026-02-06 11:17:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deps): update @node-minify packages to v10.1.1 (#1150)

Browse Source 
Fixes high severity vulnerability in glob (CVE via @node-minify/core).

Updates:
- @node-minify/core: ^9.0.2 -> ^10.1.1
- @node-minify/clean-css: ^9.0.1 -> ^10.1.1
- @node-minify/terser: ^9.0.1 -> ^10.1.1

The glob vulnerability (GHSA-5j98-mcp5-4vw2) allowed command injection
via -c/--cmd flag. @node-minify v10.x removes glob as a dependency,
eliminating this attack vector.

Co-authored-by: Zenpower <dev@zenpower.at>
This commit is contained in:
Zen P. 2026-01-03 22:31:55 +01:00 committed by GitHub
parent 5680535946
commit 780ad31d3d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
package.json
View File

@ -1,6 +1,6 @@
{
"name": "@emulatorjs/emulatorjs",
"version": "4.2.3",
"version": "4.2.4",
"type": "module",
"description": "EmulatorJS is a frontend for RetroArch in the web browser.",
"homepage": "https://emulatorjs.org",
@ -21,9 +21,9 @@
"docs": "jsdoc data/src/*.js -d jsdoc"
},
"dependencies": {
"@node-minify/clean-css": "^9.0.1",
"@node-minify/core": "^9.0.2",
"@node-minify/terser": "^9.0.1",
"@node-minify/clean-css": "^10.1.1",
"@node-minify/core": "^10.1.1",
"@node-minify/terser": "^10.1.1",
"http-server": "^14.1.1",
"node-7z": "^3.0.0"
},