High Severity vulnerability due to svg-sprite-loader. Doing an npm audit or npm audit --prod while using the @bentley/ui-core, @bentley/ui-framework, or @bentley/ui-ninezone packages.
Below is the resulting audit message:
High Prototype Pollution in set-value
Package set-value
Patched in >=4.0.1
Dependency of ad28319c34b8e711464617a06df5b62e2a797da525790908142141ca43b…
Path ad28319c34b8e711464617a06df5b62e2a797da525790908142141ca43b…
>
49124b4278876148ddfe8695b33cf0a5ac740439f7f57fc18101970040a…
> svg-sprite-loader > svg-baker > micromatch > snapdragon >
base > cache-base > set-value
More info https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
Describe the bug
High Severity vulnerability due to svg-sprite-loader. Doing an
npm audit
ornpm audit --prod
while using the @bentley/ui-core, @bentley/ui-framework, or @bentley/ui-ninezone packages.Below is the resulting audit message: