A high severity vulnerability introduced in cloudcms-server

Hi, a vulnerability https://snyk.io/vuln/SNYK-JS-MERGE-1040469 is introduced in cloudcms-server via:
●  cloudcms-server@3.3.1-beta.8 ➔ watch@1.0.2 ➔ exec-sh@0.2.2 ➔ merge@1.2.1

However, **_watch_** is a legacy package, which has not been maintained for about 4 years.
Is it possible to migrate **_watch_** to other package or remove it to remediate this vulnerability?

I noticed a migration record in other js repo for **_watch_**:

● in @google/clasp, version 2.3.2 ➔ 2.4.0, Migrate from watch to chokidar via [commit](https://github.com/google/clasp/commit/003d422b5b5fdae4ece6eb6c24db2591b53fc956)
● in forever-monitor, version 1.5.2 ➔ 1.6.0, Migrate from watch to chokidar via [commit](https://github.com/foreversd/forever-monitor/commit/12e35fcd17f0e7beace9a62dfd949300fe4fb371)

Are there any efforts planned that would remediate this vulnerability or migrate **_watch_**?

Thanks
; )

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

A high severity vulnerability introduced in cloudcms-server #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

A high severity vulnerability introduced in cloudcms-server #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions