"added 1060 packages" with 7 high vulnerabilities?

Bunlong / next-share

Social media share buttons and share counts for your next React apps.

https://next-share.js.org

MIT License

242 stars 34 forks source link

"added 1060 packages" with 7 high vulnerabilities? #65

Closed florianwalther-private closed 1 year ago

florianwalther-private commented 2 years ago

Great and useful library! But I have a problem. When I install the latest version of this library, it adds 1060 packages with 7 high vulnerabilities. When I install v0.13.0, I only get 130 and no vulnerabilities. What's the cause of this?

flux0uz commented 2 years ago

Same thing for us! These vulnerabilities appear from the version 0.14.0 that supports React 18. By running the audit fix --force, the library is downgraded to version 0.12.1

haschdl commented 1 year ago

That's quite a big deal! Hoping to get attention from maintainers to fix that.

Bunlong commented 1 year ago

@florianwalther-private, @flux0uz, @haschdl

The issue was fixed in next-share version 0.18.2. Thanks!

florianwalther-private commented 1 year ago

@Bunlong Well done! Thank you very much!

Bunlong commented 1 year ago

@florianwalther-private My pleasure! Thanks!