Skip to content

Happy-dom vulnerability patch #412

New issue
New issue
Open
Open
Happy-dom vulnerability patch#412
Assignees
brijeshb42
Labels
dependenciesUpdate of dependencies.scope: systemThe system, the design tokens / styling foundations used across components. eg. @mui/system with MUI
@Ghasb001

Description

@Ghasb001
Ghasb001
opened on Nov 6, 2025

When running a pnpm audit in my workspace, I encountered critical warnings related to happy-dom@15.11.7 VM Context Escape vulnerability on packages using Pigment CSS. This issue arises as a transitive dependency of @wyw-in-js/transform@0.5.5.

The latest release, @wyw-in-js/transform@0.8.0, updates its dependency on happy-dom to 20.0.10, resolving these critical pnpm audit warnings.

Upgrading to this version should eliminate the security alerts and bring the dependency tree in line with the patched version of happy-dom.

GHSA-37j7-fg3j-429f
https://github.com/Anber/wyw-in-js/releases/tag/%40wyw-in-js%2F

Metadata

Metadata

Assignees

Labels

dependenciesUpdate of dependencies.scope: systemThe system, the design tokens / styling foundations used across components. eg. @mui/system with MUI

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions