v0.2.4

@atsyplenkov atsyplenkov released this 18 Mar 15:18

v0.2.4 — Security Patch

No functional changes. This release upgrades transitive dependencies to address a Dependabot security alert.

Vulnerability

Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Affected packages in the dependency tree:

  • serialize-javascript — upgraded from 6.0.2 to 7.0.3
  • minimatch — upgraded from 9.0.5 to 9.0.7

Both are transitive dependencies pulled in by mocha and @vscode/test-cli (devDependencies only). The vulnerability does not affect runtime extension code, but is resolved out of caution.
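To confirm an upgrade like this actually landed, the lockfile can be checked for every installed copy of the two packages, including nested ones. The following is an added example, not code from this project: it assumes an npm `package-lock.json` with `lockfileVersion` 2 or 3, treats the upgraded-to versions listed above as minimums, and runs on a constructed sample lockfile.

```javascript
// Minimums taken from this release note. Treating them as floors for every
// copy in the tree is an assumption of this example, not the advisory's range.
const MIN_VERSIONS = {
  "serialize-javascript": "7.0.3",
  "minimatch": "9.0.7",
};

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk every installed copy (including nested node_modules) and report
// the ones below the minimum, noting whether npm marked them dev-only.
function auditLockfile(lock, minimums = MIN_VERSIONS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("")
    const name = path.slice(idx + "node_modules/".length);
    const min = minimums[name];
    if (!min || !entry.version) continue;
    if (compareVersions(entry.version, min) < 0) {
      findings.push({ path, name, version: entry.version, min, devOnly: entry.dev === true });
    }
  }
  return findings;
}

// Constructed sample: top-level copies are patched, one nested copy is stale.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-extension", version: "0.0.0" },
    "node_modules/mocha": { version: "0.0.0", dev: true },
    "node_modules/serialize-javascript": { version: "7.0.3", dev: true },
    "node_modules/minimatch": { version: "9.0.7", dev: true },
    "node_modules/mocha/node_modules/minimatch": { version: "9.0.5", dev: true },
  },
};

console.log(auditLockfile(sampleLock));
```

A finding with `devOnly: false` would mean the package is reachable from runtime dependencies and deserves closer review than a test-tooling copy.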

Install

Download formalist-0.2.4.vsix from the release assets and install via:

code --install-extension formalist-0.2.4.vsix