Closed ebulku closed 1 year ago
prop-types
isn't node-fetch
, and the latest versions of prop-types
aren't vulnerable, so you'll need to update your deps, or take it up with the maintainers of the transitive deps that need to update.
Sorry my mistake, was planning to open an issue at react-native-deck-swiper
node-fetch <=2.6.6 Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
Will install react-native-deck-swiper@1.1.7, which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch isomorphic-fetch 2.0.0 - 2.2.1 Depends on vulnerable versions of node-fetch node_modules/isomorphic-fetch fbjs 0.7.0 - 1.0.0 Depends on vulnerable versions of isomorphic-fetch node_modules/react-native-deck-swiper/node_modules/fbjs prop-types 15.5.0-alpha.0 - 15.6.1 Depends on vulnerable versions of fbjs node_modules/react-native-deck-swiper/node_modules/prop-types react-native-deck-swiper >=1.1.8 Depends on vulnerable versions of prop-types node_modules/react-native-deck-swiper