Security Patch Release
This release fixes the following security vulnerabilities in transitive dependencies:
Fixed
- braces - Uncontrolled resource consumption vulnerability (Dependabot alert #9)
- rollup - DOM Clobbering gadget leading to XSS (Dependabot alert #11)
- cross-spawn - Regular Expression Denial of Service (ReDoS) (Dependabot alert #12)
How it works
Added npm overrides to force patched versions of vulnerable transitive dependencies:
- braces >= 3.0.3
- rollup >= 4.22.4
- cross-spawn >= 7.0.5
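
One way to confirm the overrides took effect, as an added example (not part of this project's code): the script walks a package-lock.json and reports any installed copy of the three packages that is still below the minimums listed above. The function names and the sample lockfile are constructed for illustration, and the script assumes lockfileVersion 2 or 3.

```javascript
// Added example: verify that every copy of the overridden packages in a
// package-lock.json (lockfileVersion 2/3) meets the minimums from this release.
const MINIMUMS = { braces: '3.0.3', rollup: '4.22.4', 'cross-spawn': '7.0.5' };

// Compare plain x.y.z versions. Assumption: prerelease/build suffixes are
// ignored, so "3.0.3-beta" is treated like "3.0.3".
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Lockfile keys look like "node_modules/a/node_modules/braces"; the package
// name is whatever follows the last "node_modules/" (works for @scope/name too).
function findUnpatched(lock, minimums = MINIMUMS) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // root project or linked entry
    const name = path.slice(idx + 'node_modules/'.length);
    const min = minimums[name];
    if (min && compareVersions(meta.version, min) < 0) {
      findings.push({ path, name, version: meta.version, required: '>=' + min });
    }
  }
  return findings;
}

// Constructed sample lockfile: one nested braces copy is still below the minimum.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.2.2' },
    'node_modules/braces': { version: '3.0.3' },
    'node_modules/rollup': { version: '4.22.4' },
    'node_modules/cross-spawn': { version: '7.0.6' },
    'node_modules/micromatch/node_modules/braces': { version: '3.0.2' },
  },
};

console.log(findUnpatched(sampleLock));
```

To check a real project, pass the parsed contents of its package-lock.json to `findUnpatched`; an empty array means every copy of the three packages is at or above the listed minimum.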
Full Changelog: v1.2.1...v1.2.2