Reproducible in vscode.dev or in VS Code Desktop?
Reproducible in the monaco editor playground?
Monaco Editor Playground Link
No response
Monaco Editor Playground Code
Reproduction Steps
npm install monaco-editor
Actual (Problematic) Behavior
Right now in published monaco-editor/package.json dependencies marked and dompurify have fixed versions. Dompurify 3.2.7 has vulnerabilities (see #5248). If dompurify dependency supports ranges, I could get rid of the vulnerability warnings and install the updated version of Dompurify transitively.
Expected Behavior
Provide ranges in package.json for dependencies
"dependencies": {
"marked": "^14.0.0",
"dompurify": "^3.2.7"
},
No response
Additional Context
No response
Reproducible in vscode.dev or in VS Code Desktop?
Reproducible in the monaco editor playground?
Monaco Editor Playground Link
No response
Monaco Editor Playground Code
Reproduction Steps
npm install monaco-editorActual (Problematic) Behavior
Right now in published
monaco-editor/package.jsondependenciesmarkedanddompurifyhave fixed versions. Dompurify 3.2.7 has vulnerabilities (see #5248). Ifdompurifydependency supports ranges, I could get rid of the vulnerability warnings and install the updated version of Dompurify transitively.Expected Behavior
Provide ranges in
package.jsonfor dependenciesNo response
Additional Context
No response