netlify-cms-widgets
netlify-cms-widgets copied to clipboard
Published
20 hours ago •
ekoeryanto
ekoeryanto
Insecure dependency: event-stream 3.3.6
trafficstars
We noticed this repo pulls in event-stream at version 3.3.6 as a dependency. This version has had malicious code injected into it (see https://github.com/dominictarr/event-stream/issues/116 for more information) and we recommend that you either upgrade to 4.0.1 or downgrade to 3.3.4 as soon as possible.
(Dependabot can't generate downgrade PRs for sub-dependencies at the moment, but we wanted to warn you about the issue all the same.)
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "Published by a pub.dev verified publisher"){kind=small}