analytics.js-integration icon indicating copy to clipboard operation
analytics.js-integration copied to clipboard

Published 20 hours ago verified publisher icon segmentio

Vulnerability in dependency [email protected]

Open andrewwakeling opened this issue 5 years ago • 1 comments

There's a known vulnerability in [email protected] https://nvd.nist.gov/vuln/detail/CVE-2018-16492

Updating to 3.0.2 should remove this vulnerability.

It would be great if this package could be updated as this is being flagged as a high vulnerability in my project.

andrewwakeling avatar Mar 22 '19 04:03 andrewwakeling

My project has transitive dependency on [email protected]. I am not sure which of the root dependencies to update in order to update the extend package. I ran the "npm audit fix" commands to update the npm packages but it still didn't remove the [email protected] high vulnerability. image

NehaJantre avatar Jun 12 '19 20:06 NehaJantre