ljharb
commented
3 years ago Duplicate of #2522.
https://github.com/enzymejs/enzyme/issues/2522#issuecomment-858081596
Given both that this is a false positive here, and also that https://github.com/cheeriojs/cheerio/issues/1924#issuecomment-856883288 indicates that css-what < 4 is unaffected, and since we use v2.1, this can be closed:
Hello , We are facing the security vulnerability issue with the css-what under enzyme Trying to upgrade the css-what to 5.0.1 but under enzyme it is not upgrading to latest version.
enzyme@3.11.0 └─┬ cheerio@1.0.0-rc.5 └─┬ cheerio-select-tmp@0.1.1 ├─┬ css-select@3.1.2 │ └── css-what@4.0.0 deduped └── css-what@4.0.0
Please Provide suggestion to resolve the vulnerability issues