Open mobidev111 opened 4 years ago
currently used version of dependency tsdx fails the npm security audit:
"tsdx": "^0.12.3",
https://github.com/sw-yx/react-netlify-identity/blob/master/package.json#L56
│ moderate │ Cross-Site Scripting │ │ Package │ serialize-javascript │ │ Patched in │ >=2.1.1
no npm audit failure
upgrade to latest version of tsdx
This prevents this library to be used in any security aware projects
Same for "yargs-parser"
Current Behavior
currently used version of dependency tsdx fails the npm security audit:
https://github.com/sw-yx/react-netlify-identity/blob/master/package.json#L56
│ moderate │ Cross-Site Scripting │ │ Package │ serialize-javascript │ │ Patched in │ >=2.1.1
Expected behavior
no npm audit failure
Suggested solution(s)
upgrade to latest version of tsdx
Additional context
This prevents this library to be used in any security aware projects