react-json-view icon indicating copy to clipboard operation
react-json-view copied to clipboard

Published 20 hours ago verified publisher icon mac-s-g

Transitive Critical Vulnerability through `flux`

Open eallen10 opened this issue 3 years ago • 1 comments

flux version 4.0.2 contains a nested transitive dependency on version 2.6.1 of node-fetch

flux/4.0.2
    fbjs/3.0.0
        cross-fetch/3.1.4
            node-fetch/2.6.1

A simple version bump to the latest flux 4.0.3 should resolve this vuln by bubbling down the newer versions of the transitive deps which result in node-fetch 2.6.7

eallen10 avatar Jun 23 '22 02:06 eallen10

https://github.com/TexteaInc/json-viewer#usage

himself65 avatar Sep 18 '22 20:09 himself65