Hi, I just got message from dependabot:

A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components

Can we expect fix in near future?

Thanks