Transitive Dependency vulnerability

[vibecodius]

html-to-docx, which has a transitive dependency on min-document (through virtual-dom → global → min-document). This pulls in a version of min-document affected by a known prototype pollution vulnerability. Details from GitHub Advisories: GHSA-rx8g-88g5-qh64. There's a descendent https://github.com/turbodocx/html-to-docx which addresses it and I'm making PRs for larger projects to shift off the vulnerable library. Happy to help test any changes if needed.