Closed VladimirTrunov closed 2 years ago
Let’s me double check that CVE exists in 2.x. If yes, I will release a patch to 2.x branch as well.
But I highly recommend migration from shortid
to nanoid
.
Yeap, the CVE need to be updated. It doesn’t affect 2.x. I will ask snyk team.
Done. Let’s wait a week for CVE updates.
Hello everyone,
A new Component Governance issue was generated regarding to nanoid: CVE-2021-23566
To fix this alert, we need to get nanoid updated in this library to at least 3.1.31
Thanks, -Vladimir