vulnerabilities in packages - js-yaml

[lukasz-galka]

npm audit finds vulnerabilities in your packages, could you update optimize-css-assets-webpack-plugin?

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Denial of Service

  Package         js-yaml

  Patched in      >=3.13.0

  Dependency of   cloudinary-video-player [dev]

  Path            cloudinary-video-player > optimize-css-assets-webpack-plugin
                  > cssnano > postcss-svgo > svgo > js-yaml

  More info       https://nodesecurity.io/advisories/788


  High            Code Injection

  Package         js-yaml

  Patched in      >=3.13.1

  Dependency of   cloudinary-video-player [dev]

  Path            cloudinary-video-player > optimize-css-assets-webpack-plugin
                  > cssnano > postcss-svgo > svgo > js-yaml

  More info       https://nodesecurity.io/advisories/813

found 2 vulnerabilities (1 moderate, 1 high) in 9283 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

[idobarnoam]

Thanks for bringing this to our attention, @lukasz-galka
We will take this internally and see how to approach this.

[idobarnoam]

Thanks for your patience @lukasz-galka.
These are planned to be handled on the next release of the player.

[lukasz-galka]

@idobarnoam thanks!

[the-J]

Hey @idobarnoam is there any estimate on when could we expect new release? Thanks in advance.