Parcel version outdated
Plasmo's parcel version is outdated and has high vulnerability. Current version is set to 2.9.3, but this uses an outdated msgpackr version.
Is there any plan to fix this? Unfortunately this is a large security concern and blocks our use.
Github scanner advisory:
https://github.com/advisories/GHSA-7hpj-7hhx-2fgx
I do see a PR that has been untouched for 6 months in the repo:
https://github.com/PlasmoHQ/plasmo/pull/813
GitHub
CVE-2023-52079 - GitHub Advisory Database
msgpackr's conversion of property names to strings can trigger infinite recursion
GitHub
chore: upgrade Parcel by louisgv · Pull Request #813 · PlasmoHQ/pla...
Details
An initial attempt at upgrading Parcel. Tracking the following blockers:
parcel-bundler/parcel#9057 <- might need to do the patch or swap out the js packager, re: #786
I need help with...
1 Reply
@Expert same question,if there are any plan to upgrade parcel