datocms / gatsby-source-datocms

Official GatsbyJS source plugin to pull content from DatoCMS
MIT License

Critical security vulnerability: tough-cookie 2.5.0 #226

Open corgrath opened 6 months ago

corgrath commented 6 months ago

Hey

Our npm vulnerability scanner is reporting that this repository has a critical security vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2023-26136

It is inherited from:

gatsby-source-datocms 5.1.2
    datocms-client 3.5.21
        request 2.88.2
            tough-cookie 2.5.0

[Image: Screenshot 2023-12-11 at 12 10 11]

Is it possible that DatoCMS can update the packages?
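
An added example, not part of the original issue and not DatoCMS code: one way to reproduce a scanner's "inherited from" chain by walking the `packages` map of an npm v3 lockfile with Node-style resolution. The function names (`resolveDep`, `findChains`) and the sample lockfile are assumptions constructed for illustration; only the four names and versions of the reported chain come from the issue.

```javascript
// Constructed sample in the package-lock.json v3 "packages" layout. The reported chain's names
// and versions are from the issue; the hoisted tough-cookie copy and its version are made up.
const samplePackages = {
  "": { dependencies: { "gatsby-source-datocms": "5.1.2", "tough-cookie": "0.0.0-example" } },
  "node_modules/gatsby-source-datocms": { version: "5.1.2", dependencies: { "datocms-client": "3.5.21" } },
  "node_modules/datocms-client": { version: "3.5.21", dependencies: { request: "2.88.2" } },
  "node_modules/request": { version: "2.88.2", dependencies: { "tough-cookie": "2.5.0" } },
  "node_modules/request/node_modules/tough-cookie": { version: "2.5.0" },
  "node_modules/tough-cookie": { version: "0.0.0-example" },
};

// Package name = everything after the last "node_modules/" segment of the install path.
const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

// Node-style lookup: try <fromPath>/node_modules/<dep>, then each enclosing node_modules.
function resolveDep(packages, fromPath, depName) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null; // already at the project root: dependency is not installed
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Breadth-first walk from the root project; returns one shortest chain per installed copy
// of name@version (exact match on the installed version, no range handling).
function findChains(packages, name, version) {
  const parent = new Map([["", null]]);
  const queue = [""];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, path, dep);
      if (target && !parent.has(target)) { parent.set(target, path); queue.push(target); }
    }
  }
  const chains = [];
  for (const path of parent.keys()) {
    if (path === "" || nameOf(path) !== name || packages[path].version !== version) continue;
    const chain = [];
    for (let p = path; p !== ""; p = parent.get(p)) chain.unshift(nameOf(p) + "@" + packages[p].version);
    chains.push(chain);
  }
  return chains;
}

for (const c of findChains(samplePackages, "tough-cookie", "2.5.0")) console.log(c.join(" > "));
```

On a real project the same functions take the `packages` object parsed from `package-lock.json`; `npm ls tough-cookie` prints the equivalent tree without any custom code.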