You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Package is using old versions of child dependencies, which have vulnerability of very high severity.
One of the package is tough-cookie whose used version is V3.0.1 which is Vulnerable CVE-2023-26136 , and Its minimum version upgraded to V4.1.3
To Reproduce
Steps to reproduce the behavior:
Install the npm package
Observe the package-lock.json file with the child dependencies.
Getting vulnerable versions of child dependencies.
Expected behavior
Latest or package with no vulnerability should be used.
Screenshots
Additional context
We are using this package from long time, due to this vulnerability in this package we have to remove this package and find an alternative, if this issue is not fixed.
The text was updated successfully, but these errors were encountered:
Describe the bug
Package is using old versions of child dependencies, which have vulnerability of very high severity.
One of the package is tough-cookie whose used version is V3.0.1 which is Vulnerable CVE-2023-26136 , and Its minimum version upgraded to V4.1.3
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Latest or package with no vulnerability should be used.
Screenshots
Additional context
We are using this package from long time, due to this vulnerability in this package we have to remove this package and find an alternative, if this issue is not fixed.
The text was updated successfully, but these errors were encountered: