Vulnerable dependencies (indirect security issues)
davidz1337 opened this issue · 2 comments
Before you begin...
- I have searched the existing issues
- I am not using version 13.x of node (if so, please upgrade)
Description of the problem
Hello maintainers,
I wanted to bring to your attention that after installing the package, I ran a vulnerability scan with vulert abom on the lock file and discovered that there are over 4 vulnerable dependencies present. As these vulnerabilities can potentially impact the security of the entire project, I am unsure whether to report this under responsible disclosure.
For your reference, here is a link to the report of the package-lock file I scanned: https://vulert.com/vuln-scan/list/4c16d00c-69fc-42a7-b377-3be3b84f74ba
I recommend that we take immediate action to address these vulnerabilities and ensure the security of the project. Please let me know if you require any further information.
P.S. this is the lock file i scanned: https://github.com/uuidjs/uuid/blob/main/package-lock.json
Thank you.
Recipe for reproducing
No response
Additional information
No response
Environment
No response
Thanks for the report. These vulnerabilities are in downstream dev dependencies which don't affect users of this module, and which we regularly update as part of releasing new versions. We'll fix this as part of our next release.
Marking as stale due to 90 days with no activity.