ljharb
commented
4 years ago a) this CVE, like most CVEs, is a false positive, and should be ignored b) Duplicate of #34. Duplicate of #35. Duplicate of #45.
Closed philosophocat closed 4 years ago
ljharb
commented
4 years ago a) this CVE, like most CVEs, is a false positive, and should be ignored b) Duplicate of #34. Duplicate of #35. Duplicate of #45.
There is a message after installation: found 2 vulnerabilities (1 moderate, 1 high). It seems it's time to update svgo package, both of vulnerabilities point to babel-plugin-inline-react-svg > svgo > js-yaml (https://npmjs.com/advisories/788, https://npmjs.com/advisories/813)
upd: found #35, if the update is unlikely, this one can be closed