SudoPlz / sp-react-native-in-app-updates

An in-app updater for the native version of your react-native app.
MIT License

react-native-siren has critical security vulnerabilities #191

Open wryczko-revolve opened 4 weeks ago

wryczko-revolve commented 4 weeks ago

Hi,

npm audit shows that one of the dependencies (react-native-siren 0.0.5), which is no longer maintained (the last version was published 3 years ago), has critical vulnerabilities, because it depends on an old version of apisauce (2.1.6) and that depends on an old version of axios (0.21.4). Would it be possible to replace react-native-siren with a different library?

SudoPlz commented 4 weeks ago

Hey there, why not just force it to use a more recent version of axios instead locally?

wryczko-revolve commented 3 weeks ago

I did that, thanks. I was just wondering if you knew about that vulnerability.

SudoPlz commented 3 weeks ago

No, I wasn't aware of it, thanks for bringing it up.
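
A check that a forced axios version actually reached every installed copy, including the one nested under apisauce, written as an added example that is not part of this thread or of the project's code. It reads the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3); the sample lockfile, the top-level axios version and the `1.0.0` floor are constructed placeholders, not values taken from an advisory.

```javascript
// Added example: list every installed copy of a package recorded in a
// package-lock.json and flag copies older than a chosen minimum version.

// Numeric major.minor.patch only; pre-release tags are ignored.
function parseVersion(v) {
  return v.split('-')[0].split('.').map(Number);
}

function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

function findCopies(lock, name, floor) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      // Packages whose own node_modules directory holds this copy.
      nestedUnder: path.split('node_modules/').slice(1, -1)
        .map((s) => s.replace(/\/$/, '')),
      stale: isBelow(meta.version, floor),
    }));
}

// Constructed sample: a newer top-level axios was installed, but the copy
// nested under apisauce is still the old one, so the fix did not take effect.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/react-native-siren': { version: '0.0.5' },
    'node_modules/apisauce': { version: '2.1.6' },
    'node_modules/apisauce/node_modules/axios': { version: '0.21.4' },
    'node_modules/axios': { version: '1.6.0' }, // constructed version
  },
};

const FLOOR = '1.0.0'; // placeholder minimum, replace with the advisory's fixed version
for (const c of findCopies(sampleLock, 'axios', FLOOR)) {
  const where = c.nestedUnder.join(' > ') || '(top level)';
  console.log(`${c.stale ? 'STALE' : 'ok   '} axios@${c.version} under ${where}`);
}
```

Any `STALE` line means a nested copy is still resolved to the old version, which is the case a package-manager override (rather than a direct dependency) is meant to fix.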