Closed trombini77 closed 1 year ago
a) this is not a valid vulnerability for the package, you should just ignore it b) this is a duplicate of #2657 and a duplicate of #2658 c) debug is updated to v3 in https://github.com/import-js/eslint-plugin-import/commit/404b5cef76ee6f5f13b678a41349ca923eb97b57
The vast majority of transitive vulnerabilities in the JS ecosystem are false positives, and the default course of action should be to confirm that, and ignore them - this is no different.
Snyk reported a vulnerability on package debug 2.6.9 that is eslint-plugin-import version 2.6.0 (from npmjs) package.json dependency field:
Vulnerability Report: https://security.snyk.io/package/npm/debug/2.6.9
https://www.npmjs.com/package/eslint-plugin-import?activeTab=explore
Does anybody have the intention to fix it? Thanks.