As far as I am aware, vulnerability(high severity) SNYK-JS-TREEKIT-1077068 detected in package tree-kit<0.7.0 is directly referenced by terminal-kit@1.49.3, on which your package graphqurl@1.0.1 directly depends. As such, this vulnerability can also affect graphqurl@1.0.1 via the following path:
graphqurl@1.0.1 ➔ terminal-kit@1.49.3 ➔ tree-kit@0.6.2(vulnerable version)
Since terminal-kit has released a new patched version terminal-kit@1.49.4 to resolve this issue (terminal-kit@1.49.4 ➔ tree-kit@0.7.0(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
graphqurl@1.0.1 ➔ terminal-kit@1.49.4 ➔ tree-kit@0.7.0(vulnerability fix version).
Hi, @wawhal, I have reported a vulnerability issue in package terminal-kit.
As far as I am aware, vulnerability(high severity) SNYK-JS-TREEKIT-1077068 detected in package tree-kit<0.7.0 is directly referenced by terminal-kit@1.49.3, on which your package graphqurl@1.0.1 directly depends. As such, this vulnerability can also affect graphqurl@1.0.1 via the following path:
graphqurl@1.0.1 ➔ terminal-kit@1.49.3 ➔ tree-kit@0.6.2(vulnerable version)
Since terminal-kit has released a new patched version terminal-kit@1.49.4 to resolve this issue (terminal-kit@1.49.4 ➔ tree-kit@0.7.0(fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
graphqurl@1.0.1 ➔ terminal-kit@1.49.4 ➔ tree-kit@0.7.0(vulnerability fix version)
.A warm tip. Best regards, ^_^