Hello
I'm getting an error today in my pipeline that runs npm audit -prod
luxon 2.0.0 - 2.5.1
Severity: high
Luxon Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-3xq5-wjfh-ppjc
fix available via `npm audit fix --force`
Will install @ArcGIS/core@4.25.5, which is outside the stated dependency range
node_modules/luxon
@ArcGIS/core 4.21.0-next.20210721 - 4.25.0-next.20221108
Depends on vulnerable versions of luxon
node_modules/@arcgis/core
All version of ArcGis are using luxon versions that have this vulnerability. In git hub for luxon it says to update to newer versions
https://github.com/advisories/GHSA-3xq5-wjfh-ppjc
Is ArcGis going to release an update soon? if not i cannot release my app since i'm not allowed to deploy high severity vulnerabilities.
Is there a work around while you work on an upgrade?
Thank you
Fabian