
Bump `query-string` to at least 7.1.3

Open markrickert opened this issue 2 years ago • 1 comments

There is a Denial of Service (DoS) vulnerability in decode-uri-component which is a dependency of query-string. It is fixed in [email protected].

The package reactotron-react-native has a dependency of [email protected].

We should upgrade query-string to mitigate this vulnerability.

See: https://github.com/react-navigation/react-navigation/pull/11069

And: https://security.snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970

Note that there is a possible breaking change in query-string 7: https://github.com/sindresorhus/query-string/releases/tag/v7.0.0

markrickert avatar Dec 11 '23 17:12 markrickert
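
One way to confirm the bump requested above actually removed every old copy from an install, as an added example that is not part of the original issue or the reactotron code base. It assumes an npm lockfile with the v2/v3 `packages` map; the function names and the sample lockfile contents (including its version numbers) are constructed for illustration.

```javascript
// Flag query-string installs below 7.1.3 in an npm lockfile ("packages" map, lockfile v2/v3).
const MIN_FIXED = [7, 1, 3]; // minimum version named in the issue title
const SUFFIX = "node_modules/query-string";

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version is strictly lower than floor ([major, minor, patch]).
function isBelow(version, floor) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false; // equal to the floor
}

// Returns [{ path, version, parent }] for every outdated copy, including nested ones
// that a top-level upgrade alone would not replace.
function findOutdatedQueryString(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(SUFFIX)) continue;
    if (!meta.version || !isBelow(meta.version, MIN_FIXED)) continue;
    const parentPath = path.slice(0, -SUFFIX.length).replace(/\/$/, "");
    const parent = parentPath ? parentPath.split("node_modules/").pop() : "(root)";
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

// Constructed sample lockfile fragment; not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/query-string": { version: "7.1.3" },
    "node_modules/reactotron-react-native": { version: "0.0.0-sample" },
    "node_modules/reactotron-react-native/node_modules/query-string": { version: "6.14.1" },
  },
};

console.log(findOutdatedQueryString(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; an empty result means no copy below 7.1.3 remains in the tree.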

Hello, can I take this task?

nirajgeorgianflex avatar Oct 31 '24 10:10 nirajgeorgianflex