search

BugiDev / react-native-calendar-strip

Easy to use and visually stunning calendar component for React Native.
MIT License
958 stars 329 forks source link

fix: security issue #385

Open Blasci opened 1 week ago

Blasci commented 1 week ago

Output of npm audit

node-fetch  <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g fix available via `npm audit fix --force`
Will install react-native-calendar-strip@1.4.2, which is a breaking change node_modules/isomorphic-fetch/node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    fbjs  0.7.0 - 1.0.0
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/recyclerlistview/node_modules/fbjs
      prop-types  15.5.0-alpha.0 - 15.6.1
      Depends on vulnerable versions of fbjs
      node_modules/recyclerlistview/node_modules/prop-types
        recyclerlistview  <=4.0.1
        Depends on vulnerable versions of prop-types
        node_modules/recyclerlistview
          react-native-calendar-strip  >=2.0.0
          Depends on vulnerable versions of recyclerlistview
          node_modules/react-native-calendar-strip