MSW Depends on vulnerable versions of cookie - @bundled-es-modules/cookie on [email protected]

[nemonemi]

Prerequisites

• I confirm my issue is not in the opened issues
• I confirm the Frequently Asked Questions didn't contain the answer to my issue

Environment check

• I'm using the latest msw version
• I'm using Node.js version 18 or higher

Browsers

No response

Reproduction repository

No need for repo in this case

Reproduction steps

Please update the vulnerable version of @bundled-es-modules/cookie.

Current behavior

npm audit report

cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - GHSA-pxg6-pf52-xh8x
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/@bundled-es-modules/cookie/node_modules/cookie
@bundled-es-modules/cookie >=2.0.0
Depends on vulnerable versions of cookie
node_modules/@bundled-es-modules/cookie
msw >=2.0.0
Depends on vulnerable versions of @bundled-es-modules/cookie
node_modules/msw

Expected behavior

This version of cookie should not be used.

[tony-cocco]

Possible dupe of #2308

[kettanaito]

Hi. Thanks for opening this. Duplicate of #2308, already merged the fix in @bundled-es-modules/cookie, it just needs to be released by the maintainers. A PR with the release automation also suggested to make this faster next time. Be patient.