Component Governance issue detected in the dependency "nanoid": "^2.1.0"

[VladimirTrunov]

Hello everyone,

A new Component Governance issue was generated regarding to nanoid: CVE-2021-23566

To fix this alert, we need to get nanoid updated in this library to at least 3.1.31

Thanks, -Vladimir

[ai]

Let’s me double check that CVE exists in 2.x. If yes, I will release a patch to 2.x branch as well.

But I highly recommend migration from shortid to nanoid.

[ai]

Yeap, the CVE need to be updated. It doesn’t affect 2.x. I will ask snyk team.

[ai]

Done. Let’s wait a week for CVE updates.