simonwep / pickr

🎨 Flat, simple, multi-themed, responsive and hackable Color-Picker library. No dependencies, no jQuery. Compatible with all CSS Frameworks e.g. Bootstrap, Materialize. Supports alpha channel, rgba, hsla, hsva and more!
https://simonwep.github.io/pickr
MIT License
4.32k stars, 284 forks

github dependabot security #313

Closed waj-vx closed 6 months ago

waj-vx commented 2 years ago

What is the current behavior?

We encounter a couple of security issues with pickr-1.8.2 as reported by GitHub Dependabot alerts. Any solution for this?

Samples

Inefficient Regular Expression Complexity in chalk/ansi-regex [High]
#31 opened 21 days ago • Detected in ansi-regex (npm)

Improper Verification of Cryptographic Signature in node-forge [Moderate]
#30 opened 21 days ago • Detected in node-forge (npm)

Improper Verification of Cryptographic Signature in node-forge [High]
#29 opened 21 days ago • Detected in node-forge (npm)

Improper Verification of Cryptographic Signature in node-forge [High]
#28 opened 21 days ago • Detected in node-forge (npm)

Uncontrolled Resource Consumption in ansi-html [High]
#27 opened 21 days ago • Detected in ansi-html (npm)

Open Redirect in node-forge [Moderate]
#26 opened 21 days ago • Detected in node-forge (npm)

Prototype Pollution in node-forge debug API. [Low]
#25 opened 21 days ago • Detected in node-forge (npm)

URL parsing in node-forge could lead to undesired behavior. [Low]
#24 opened 21 days ago • Detected in node-forge (npm)

json-schema is vulnerable to Prototype Pollution [Moderate]
#23 opened 21 days ago • Detected in json-schema (npm)

Please provide the steps to reproduce and create a JSFiddle.

github > Project page > Security > dependabot

What is the expected behavior?

As few messages as possible

Your environment:

Version (see Pickr.version): 1.8.2
Used bundle (es5 or normal one): normal
Used theme (default is classic): nano.min.css
Browser-version: Chrome 101.0.4951.67
Operating-system: Windows 10 and Linux
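The alerts listed above are all raised against packages pulled in transitively (ansi-regex, ansi-html, node-forge, json-schema), so the first triage step for a consumer of the library is to determine whether each flagged package is reachable from the production dependency tree or only through development tooling. The script below is an added example, not code from the pickr project or from the issue author: it reads a lockfile in the `package-lock.json` v2/v3 shape (the `packages` map, where entries reached only via `devDependencies` carry `dev: true`) and reports, per flagged package, every installed instance and whether all of them are dev-only. The embedded lockfile is constructed for illustration and does not reflect pickr's real dependency tree.

```javascript
// Added example: triage Dependabot-flagged packages against a package-lock.json.
// Lockfile v2/v3 stores one entry per installed path under "packages"; an entry
// that is only reachable from devDependencies is marked with "dev": true.
// The lockfile below is CONSTRUCTED sample data, not pickr's actual lockfile.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", devDependencies: { "webpack-dev-server": "^3.0.0" } },
    "node_modules/webpack-dev-server": { version: "3.11.0", dev: true },
    "node_modules/ansi-html": { version: "0.0.7", dev: true },
    "node_modules/selfsigned": { version: "1.10.11", dev: true },
    "node_modules/node-forge": { version: "0.10.0", dev: true },
    // A hypothetical runtime dependency that nests its own copy of node-forge,
    // so node-forge is NOT dev-only in this constructed tree.
    "node_modules/some-runtime-lib": { version: "1.0.0" },
    "node_modules/some-runtime-lib/node_modules/node-forge": { version: "1.2.1" },
  },
};

// Package name is everything after the last "node_modules/" segment, which also
// handles scoped packages ("node_modules/@scope/name") and nested copies.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns { name: { found, devOnly, instances: [{ path, version, dev }] } }.
// A package that is not installed at all is reported as found=false and
// devOnly=false so that an absent or renamed package never reads as "safe".
function classifyAlerts(lock, flaggedNames) {
  const result = {};
  for (const name of flaggedNames) {
    result[name] = { found: false, devOnly: true, instances: [] };
  }
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry
    const name = packageNameFromPath(lockPath);
    if (!name || !(name in result)) continue;
    const entry = result[name];
    const isDev = meta.dev === true;
    entry.found = true;
    entry.instances.push({ path: lockPath, version: meta.version, dev: isDev });
    if (!isDev) entry.devOnly = false;
  }
  for (const entry of Object.values(result)) {
    if (!entry.found) entry.devOnly = false;
  }
  return result;
}

// Human-readable summary lines, one per flagged package.
function summarize(classification) {
  return Object.entries(classification).map(([name, e]) => {
    if (!e.found) return `${name}: not present in lockfile (check for renamed/removed package)`;
    const where = e.instances.map((i) => `${i.path}@${i.version}${i.dev ? " (dev)" : ""}`).join(", ");
    return `${name}: ${e.devOnly ? "dev-only" : "REACHABLE IN PRODUCTION"} -> ${where}`;
  });
}

// Usage: point this at a real lockfile with
//   const lock = JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"));
const flagged = ["ansi-html", "node-forge", "json-schema"];
for (const line of summarize(classifyAlerts(sampleLock, flagged))) console.log(line);
```

Dev-only hits still deserve an upgrade of the tool that pulls them in, but they do not reach the browser bundle a consumer ships; production-reachable hits (and packages the lockfile no longer lists, which the script flags rather than silently ignoring) are the ones to prioritise.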