Moderate vulnerability in static-module v.1 used

[ekelvin]

Can you please consider upgrade to version 3 on which this is patched?

Moderate Sandbox Breakout / Arbitrary Code Execution
Package static-eval
Patched in >=2.0.0
Dependency of static-module
Path static-module > static-eval
More info https://nodesecurity.io/advisories/548

[bbruneau]

Bueller?

[WieserSoftware]

There seems to be a PR that already does this.
#21

[adarob]

/sub