Vulnerabilities found in latest and previous version of react-ion icons

Question

Vulnerabilities found in latest and previous version of react-ion icons

Opened this issue 3 years ago · 0 comments

Hello,

I have installed the latest version of react-ionicons and found 12 high and 2 medium type of vulnerabilities.

node-fetch <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - GHSA-r683-j2x4-v87g
The size option isn't honored after following a redirect in node-fetch - GHSA-w7rc-rwvf-8q5r
fix available via npm audit fix --force
Will install react-ionicons@4.2.0, which is a breaking change
node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
react 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
node_modules/react-ionicons/node_modules/react
react-dom 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
Depends on vulnerable versions of react
node_modules/react-ionicons/node_modules/react-dom
react-ionicons <=3.0.1
Depends on vulnerable versions of react
node_modules/react-ionicons

6 high severity vulnerabilities

node_modules/react-ionicons/node_modules/react
react-dom 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
Depends on vulnerable versions of react
node_modules/react-ionicons/node_modules/react-dom

7 high severity vulnerabilities