Closed Tenkir closed 6 years ago
Seeing the same here. My dependency path was svg-react-loader > css > source-map-resolve > atob
. Awesome news is that atob
, source-map-resolve
, and css
have all updated past the vulnerability. Now if only svg-react-loader
would update, I'd have 0 npm audit
vulterabilities...
There's a PR for that: https://github.com/jhamlet/svg-react-loader/pull/105#pullrequestreview-158967776
Any ETA on getting a release with this fix?
Fixed.
This package currently depends on CSS@2.2.1 there is a security vulnerability in this version which is resolved in the latest version (@2.2.4). This should be updated.
More info: https://nodesecurity.io/advisories/646