imodeljs / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License

Vulnerability GHSA-4jqc-8m5r-9rpr #58

Closed StefanRetief closed 2 years ago

StefanRetief commented 2 years ago

Describe the bug

High Severity vulnerability due to svg-sprite-loader, seen when doing an npm audit or npm audit --prod while using the @bentley/ui-core, @bentley/ui-framework, or @bentley/ui-ninezone packages.

Below is the resulting audit message:

  High            Prototype Pollution in set-value

  Package         set-value

  Patched in      >=4.0.1

  Dependency of   ad28319c34b8e711464617a06df5b62e2a797da525790908142141ca43b…

  Path            ad28319c34b8e711464617a06df5b62e2a797da525790908142141ca43b…
                  >
                  49124b4278876148ddfe8695b33cf0a5ac740439f7f57fc18101970040a…
                  > svg-sprite-loader > svg-baker > micromatch > snapdragon >
                  base > cache-base > set-value

  More info       https://github.com/advisories/GHSA-4jqc-8m5r-9rpr

aruniverse commented 2 years ago

Waiting on https://github.com/jonschlinkert/cache-base/pull/23

StefanRetief commented 2 years ago

Looks like it was resolved with that update. Closing.
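
Added example, not part of the original issue or the project's code: a Node.js check that walks the `packages` map of a package-lock.json (lockfile v2/v3 layout) and lists every installed `set-value` copy below the 4.0.1 patched version named in the audit message above. The lockfile object and its versions are constructed sample data, and the function names are hypothetical.

```javascript
// "Patched in >=4.0.1" is taken from the audit output in the issue.
const PATCHED = [4, 0, 1];

// Constructed sample in the package-lock.json "packages" layout (not from the issue).
const sampleLock = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/cache-base": { version: "1.0.1" },
    "node_modules/set-value": { version: "2.0.1" },
    "node_modules/union-value/node_modules/set-value": { version: "0.4.3" },
    "node_modules/some-tool/node_modules/set-value": { version: "4.1.0" },
  },
};

// Split "x.y.z[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isBelowPatched(v) {
  const p = parseVersion(v);
  if (!p) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // a prerelease of 4.0.1 sorts before 4.0.1 itself
}

function findVulnerableSetValue(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split("node_modules/");
    // The installed package name is whatever follows the last "node_modules/".
    if (parts[parts.length - 1] !== "set-value") continue;
    if (!isBelowPatched(meta.version)) continue;
    // Intermediate segments name the packages this copy is nested under.
    const nestedUnder = parts.slice(1, -1).map((s) => s.replace(/\/$/, ""));
    hits.push({ path, version: meta.version, nestedUnder });
  }
  return hits;
}

for (const hit of findVulnerableSetValue(sampleLock)) {
  console.log(`${hit.path} @ ${hit.version} (< 4.0.1)`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json. A copy hoisted to the top level has an empty `nestedUnder`, so the `Path` line of the audit output is still needed to see which dependency chain requires it.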