Open janpospisil-eaton opened 2 months ago
Hi again,
unset-value is vulnerable to a prototype pollution attack. A remote attacker may be able to execute arbitrary code, or cause a denial-of-service (DoS) by tricking the library into modifying or adding properties of Object.prototype.
The fix is in version 2.0.1: https://github.com/jonschlinkert/unset-value/releases
Can you update the find-yarn-workspace-root library and use the latest version 2.0.0? Are there any compatibility issues with other dependencies? Does it require broader refactoring?
Thank you, Jan
Hi, our last cyber security scan resulted in a high risk being detected regarding the unset-value dependency that is used within this project. Can you update the find-yarn-workspace-root library and use the latest version 2.0.0? Are there any other ways to resolve the issue?
Thank you.
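
To confirm what a scanner reports for this issue, a project's `yarn.lock` can be checked for every resolved `unset-value` version below the fix and for the packages that pull it in. The following is an added example, not code from this thread or from the project; it assumes the Yarn v1 lockfile format, the sample lockfile and the `example-parent` package are constructed, and the fixed version is the one given in the first post.

```javascript
// Added example: audit a Yarn v1 lockfile for a package resolved below a fixed version.
const FIXED = "2.0.1"; // fix version as stated in the issue above
// Constructed sample lockfile; "example-parent" is a hypothetical package.
const SAMPLE_LOCK = `# yarn lockfile v1
example-parent@^1.2.0:
  version "1.2.3"
  dependencies:
    unset-value "^1.0.0"

"unset-value@^1.0.0":
  version "1.0.0"
`;
// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}
// Entry headers sit at column 0, fields at 2 spaces, dependency names at 4 spaces.
function parseLock(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // A header may list several "name@range" specifiers; the name is the same in all.
      const spec = line.replace(/:$/, "").split(",")[0].trim().replace(/^"|"$/g, "");
      cur = { name: spec.slice(0, spec.lastIndexOf("@")), version: null, deps: [] };
      entries.push(cur);
      inDeps = false;
    } else if (cur && /^  version /.test(line)) {
      cur.version = line.trim().split(/\s+/)[1].replace(/"/g, "");
    } else if (/^  \S/.test(line)) {
      inDeps = /^  (dependencies|optionalDependencies):$/.test(line);
    } else if (cur && inDeps && /^    \S/.test(line)) {
      cur.deps.push(line.trim().split(/\s+/)[0].replace(/"/g, ""));
    }
  }
  return entries;
}
// Report resolved versions of pkg below `fixed`, and which entries depend on pkg.
function audit(text, pkg, fixed = FIXED) {
  const entries = parseLock(text);
  const vulnerable = entries.filter(e => e.name === pkg && e.version && cmp(e.version, fixed) < 0).map(e => e.version);
  const requiredBy = entries.filter(e => e.deps.includes(pkg)).map(e => `${e.name}@${e.version}`);
  return { vulnerable, requiredBy };
}
console.log(audit(SAMPLE_LOCK, "unset-value"));
```

The `requiredBy` list shows which direct parents would need to accept a newer `unset-value` range before the lockfile entry can move to the fixed release.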