RiseVision / old-rise-core


Vulnerability in negotiator 0.4.9 of RiseVision/rise-core #1

Closed justindonnaruma closed 7 years ago

justindonnaruma commented 8 years ago

Your negotiator 0.4.9 library, a transitive dependency in your RiseVision/rise-core repository, is subject to vulnerability SID-2475: Regular Expression Denial of Service (ReDoS).

A transitive dependency is a library that is included in your project indirectly through another dependency. A vulnerability in a transitive dependency can be fixed by adding a new direct dependency of the library in your project.

This issue was fixed in version 0.6.1. That version is currently considered safe, so we suggest that you add version 0.6.1.

Applying the fix may break your project, so we recommend that you always build and test your project to verify that the fix has been successful.

##### package.json

```json
"dependencies": {
  ...,
  "negotiator": "0.6.1",
  ...,
}
```

For more information on this vulnerability, please visit the SourceClear Registry.
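Pinning a direct dependency does not always replace nested copies that other packages pull in, so the check a practitioner would run after the pin above is to walk the resolved dependency tree and list every copy of negotiator still below 0.6.1. The following is an added example, not code from the issue or from the RiseVision project; it assumes a tree in the shape printed by `npm ls --json`, and the sample tree (including the nested copy under `accepts`) is constructed for illustration.

```javascript
// Added example: find every installed copy of a package whose version is
// still below the fixed release. Tree shape follows `npm ls --json`:
// { name, version, dependencies: { <name>: { version, dependencies } } }
const FIXED_VERSION = '0.6.1';

function parseVersion(v) {
  // Accept "0.4.9", "v0.4.9" or "=0.4.9"; ignore prerelease/build suffixes.
  const m = /^[v=]?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator, on major.minor.patch only.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Recursively collect each copy of `name` below `fixed`, with the path that
// explains which dependency pulled it in.
function findVulnerable(tree, name = 'negotiator', fixed = FIXED_VERSION, path = [], out = []) {
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${dep}@${info.version}`];
    if (dep === name && compareVersions(info.version, fixed) < 0) {
      out.push({ version: info.version, path: here.join(' > ') });
    }
    findVulnerable(info, name, fixed, here, out);
  }
  return out;
}

// Constructed sample: the project pins negotiator 0.6.1 directly, but a
// nested copy under a (hypothetical) "accepts" dependency is still 0.4.9.
const sampleTree = {
  name: 'rise-core', version: '0.0.0',
  dependencies: {
    negotiator: { version: '0.6.1' },
    accepts: { version: '1.2.0', dependencies: { negotiator: { version: '0.4.9' } } },
  },
};

function report(tree) {
  return findVulnerable(tree).map(h => `vulnerable negotiator ${h.version} at ${h.path}`);
}

console.log(report(sampleTree).join('\n'));
```

On a real project, replace `sampleTree` with `JSON.parse` of the `npm ls --json` output; an empty report means no copy below 0.6.1 remains in the resolved tree.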