Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"merge" lib. dependency #495

Open
raul320pl opened this issue Jun 19, 2022 · 0 comments
Open

"merge" lib. dependency #495

raul320pl opened this issue Jun 19, 2022 · 0 comments

Comments

@raul320pl
Copy link

🐛Bug report

Describe the bug
there is a problem with "merge" dependency:
Przechwytywanie

To Reproduce
npx create-react-app xxx
npm install react-timeseries-charts
npm audit

this will return:

merge  <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
No fix available
node_modules/merge
  react-timeseries-charts  *
  Depends on vulnerable versions of merge
  node_modules/react-timeseries-charts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant