We use a tool called Aikido that scans our apps to find vulnerabilities and jsonapi-react uses qs in a version that Aikido is considering "High Risk":
They consider qs@6.10.3 already enough, but I changed it to the latest version, which is qs@6.11.2 because it doesn't seem to break anything. Let me know if you want me to change that.
That's my first time requesting a change here, so feel free to guide me toward your way of dealing with requests.
Hello folks,
We use a tool called Aikido that scans our apps to find vulnerabilities and
jsonapi-reactusesqsin a version that Aikido is considering "High Risk":They consider
qs@6.10.3already enough, but I changed it to the latest version, which isqs@6.11.2because it doesn't seem to break anything. Let me know if you want me to change that.That's my first time requesting a change here, so feel free to guide me toward your way of dealing with requests.
Thanks