kvnneff/sort-by

sort-by >=1.1.0 Depends on vulnerable versions of object-path

While installing React Router, this happened:

npm audit report

object-path <=0.11.7
Severity: high
Prototype Pollution in object-path - GHSA-v39p-96qg-c8rf
Prototype pollution in object-path - GHSA-cwx2-736x-mf6w
Prototype Pollution in object-path - GHSA-8v63-cqqc-6r2c
fix available via npm audit fix --force
Will install sort-by@0.0.2, which is a breaking change
node_modules/sort-by/node_modules/object-path
sort-by >=1.1.0
Depends on vulnerable versions of object-path
node_modules/sort-by

2 vulnerabilities (1 moderate, 1 high)

To address all issues (including breaking changes), run:
npm audit fix --force

I'm having this issue too. Any solutions yet?