Parcel version outdated

Plasmo's parcel version is outdated and has high vulnerability. Current version is set to 2.9.3, but this uses an outdated msgpackr version. Is there any plan to fix this? Unfortunately this is a large security concern and blocks our use. Github scanner advisory: https://github.com/advisories/GHSA-7hpj-7hhx-2fgx I do see a PR that has been untouched for 6 months in the repo: https://github.com/PlasmoHQ/plasmo/pull/813
GitHub
CVE-2023-52079 - GitHub Advisory Database
msgpackr's conversion of property names to strings can trigger infinite recursion
GitHub
chore: upgrade Parcel by louisgv · Pull Request #813 · PlasmoHQ/pla...
Details An initial attempt at upgrading Parcel. Tracking the following blockers: parcel-bundler/parcel#9057 <- might need to do the patch or swap out the js packager, re: #786 I need help with...
1 Reply
Jiwei Yuan
Jiwei Yuan7mo ago
@Expert same question,if there are any plan to upgrade parcel
Want results from more Discord servers?
Add your server