Dependency `diff` v4.0.2 has security notifications from Dependabot

https://github.com/advisories/GHSA-73rr-hh4g-fpgx

It doesn't appear that the uses of `diff` in Gutenberg packages are affected by the vulnerability, as the vulnerability affects the `parsePatch` and `applyPatch` functions while Gutenberg uses only `diffChars` and the `Change` type. 

https://github.com/WordPress/gutenberg/blob/e4b7728a6863e03dc123c0787cdcf6192284c691/packages/block-editor/src/components/block-compare/index.js#L7
https://github.com/WordPress/gutenberg/blob/e4b7728a6863e03dc123c0787cdcf6192284c691/packages/sync/src/quill-delta/Delta.ts#L10-L11

Regardless, I'd appreciate if you'd update the dependency so Dependabot stops complaining about it in our repo. Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependency `diff` v4.0.2 has security notifications from Dependabot #74669

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

	import type { Change } from 'diff';
	import { diffChars } from 'diff';

Dependency diff v4.0.2 has security notifications from Dependabot #74669

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

Dependency `diff` v4.0.2 has security notifications from Dependabot #74669