guardrails[bot]
commented
1 year ago :warning: We detected 1 security issue in this pull request:
Mode: paranoid | Total findings: 1 | Considered vulnerability: 1
Vulnerable Libraries (1)
Severity | Details ----- | -------- High | [pkg:npm/loader-utils@2.0.4@2.0.4](https://github.com/turkdevops/vscode/blob/49dfee3efb579a5866bd703a39a728bd96e424e6/extensions/markdown-language-features/yarn.lock#L2735) (t) - **no patch available** More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).
π Go to the dashboard for detailed results.
π₯ Happy? Share your feedback with us.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
SNYK-JS-JSON5-3182856
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Prototype Pollution