icu-to-json (>=0.0.1 <=0.0.20) potentially affected by CVE-2025-57353 via @messageformat/runtime (=3.0.1)
@messageformat/runtime NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @messageformat/runtime and may be impacted: - icu-to-json =0.0.1, =0.0.20 Source cves: CVE-2025-57353 Source advisory: OSV:GHSA-6XV4-9CQP-92RH...