-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerable dependencies ( indirect security issues ?? ) #905
Comments
A new medium level vulnerability has been identified since for semver version used (7.5.0). Recommended action is to update to 7.5.2. |
Please update dependency to |
Fix on #919 |
@jfromaniello is there any update on this or merging #919? |
Up, this is urgent. |
semver vulnerability has been fixed in release v9.0.2 |
Hello maintainers,
I wanted to bring to your attention that after installing the package, I ran a vulnerability scan with vulert abom on the lock file and discovered that there are over 40 vulnerable dependencies present. As these vulnerabilities can potentially impact the security of the entire project, I am unsure whether to report this under responsible disclosure.
For your reference, here is a link to the report of the package-lock file I scanned: https://vulert.com/vuln-scan/list/6e7e2e2d-eac3-426a-bd59-d1aca63d3e65
I recommend that we take immediate action to address these vulnerabilities and ensure the security of the project. Please let me know if you require any further information.
Thank you.
The text was updated successfully, but these errors were encountered: