search

airbnb / babel-plugin-inline-react-svg

A babel plugin that optimizes and inlines SVGs for your React Components.
MIT License
474 stars 92 forks source link

[WARNING] found 2 vulnerabilities #69

Closed rrfaria closed 4 years ago

rrfaria commented 4 years ago

=== npm audit security report === 

                            Manual Review                                                          
        Some vulnerabilities require your attention to resolve                 

     Visit https://go.npm.me/audit-guide for additional guidance

Moderate Denial of Service

│ Package │ js-yaml

│ Patched in │ >=3.13.0

│ Dependency of │ babel-plugin-inline-react-svg [dev]

│ Path │ babel-plugin-inline-react-svg > svgo > js-yaml

│ More info │ https://npmjs.com/advisories/788

│ High │ Code Injection

│ Package │ js-yaml

│ Patched in │ >=3.13.1

│ Dependency of │ babel-plugin-inline-react-svg [dev]

│ Path │ babel-plugin-inline-react-svg > svgo > js-yaml

│ More info │ https://npmjs.com/advisories/813

found 2 vulnerabilities (1 moderate, 1 high)

ljharb commented 4 years ago

These are non-problems with our usage of svgo; duplicate of #45. See #34, #35.

See also, https://github.com/airbnb/babel-plugin-inline-react-svg/issues/45#issuecomment-483912268 and https://github.com/airbnb/babel-plugin-inline-react-svg/issues/45#issuecomment-483912268