[Bug] Vulnerability detected -- package update needed?

mapillary / mapillary-python-sdk

A Python 3 library built on the Mapillary API v4 to facilitate retrieving and working with Mapillary data.

MIT License

41 stars 16 forks source link

[Bug] Vulnerability detected -- package update needed? #126

Closed cbeddow closed 2 years ago

cbeddow commented 3 years ago

GitHub has detected that a package defined in the docs/yarn.lock file of the mapillary/mapillary-python-sdk repository contains a security vulnerability.

Package name: immer Affected versions: < 9.0.6 Fixed in version: 9.0.6 Severity: MODERATE

Identifier(s): GHSA-33f9-j839-rf8h CVE-2021-23436

Reference(s): https://nvd.nist.gov/vuln/detail/CVE-2021-23436 https://github.com/advisories/GHSA-33f9-j839-rf8h

Rubix982 commented 3 years ago

Hmm, I'll look into this. Probably caused by the docusaurus instance. I think I should update all the dependencies in one go. It's caused by the immer dependency that is depended by the docusaurs package under docs/.

cbeddow commented 2 years ago

@Rubix982 it sounds like these do not actually block the docs from deploying and we can safely ignore these