Nested dependency on a vulnerable package

whitlockjc / json-refs

Various utilities for JSON Pointers (http://tools.ietf.org/html/rfc6901) and JSON References (http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03).

MIT License

223 stars 63 forks source link

Nested dependency on a vulnerable package #197

Open nihillno opened 1 year ago

nihillno commented 1 year ago

This project has a nested dependency on formidable@2.0.1, which is vulnerable to CVE-2022-29622.

This needs to be updated to formidable@3.2.5.