artin/EmulatorJS
1
0
Fork 0
mirror of https://github.com/EmulatorJS/EmulatorJS.git synced 2026-02-06 11:17:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deps): update @node-minify packages to v10.1.1

Browse Source 
Fixes high severity vulnerability in glob (CVE via @node-minify/core).

Updates:
- @node-minify/core: ^9.0.2 -> ^10.1.1
- @node-minify/clean-css: ^9.0.1 -> ^10.1.1
- @node-minify/terser: ^9.0.1 -> ^10.1.1

The glob vulnerability (GHSA-5j98-mcp5-4vw2) allowed command injection
via -c/--cmd flag. @node-minify v10.x removes glob as a dependency,
eliminating this attack vector.
This commit is contained in:
Zenpower 2025-12-31 17:33:26 +00:00
parent 5680535946
commit c8871df8f8
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
package.json
View File

@ -1,6 +1,6 @@
{
"name": "@emulatorjs/emulatorjs",
"version": "4.2.3",
"version": "4.2.4",
"type": "module",
"description": "EmulatorJS is a frontend for RetroArch in the web browser.",
"homepage": "https://emulatorjs.org",
@ -21,9 +21,9 @@
"docs": "jsdoc data/src/*.js -d jsdoc"
},
"dependencies": {
"@node-minify/clean-css": "^9.0.1",
"@node-minify/core": "^9.0.2",
"@node-minify/terser": "^9.0.1",
"@node-minify/clean-css": "^10.1.1",
"@node-minify/core": "^10.1.1",
"@node-minify/terser": "^10.1.1",
"http-server": "^14.1.1",
"node-7z": "^3.0.0"
},