ej2-javascript-ui-controls icon indicating copy to clipboard operation
ej2-javascript-ui-controls copied to clipboard

Published 20 hours ago verified publisher icon syncfusion

unset-value 1.0 has a high security vulnerability, fixed in 2.0.1

Open 24601 opened this issue 1 year ago • 2 comments

Please update ASAP, this breaks compliance certification for us (we are a paying customer)

Snyk scan result:

Screenshot 2024-02-07 at 01 38 22

24601 avatar Feb 07 '24 08:02 24601

Hi @24601

We are working on this issue, we will update once the issue was resolved.

Regards, Muthukrishnan K

kmkrish001 avatar Feb 20 '24 13:02 kmkrish001

Hi 24601,

We have thoroughly validated the reported issue from our end, and we're pleased to inform you that we have taken the necessary steps to address the security vulnerability introduced in the react-filemanager package. The unset package has been eliminated from our filemanager component, ensuring that our package no longer references this third-party package. Additionally, we have undergone testing on our side to ensure that this package is no longer referred to. I have attached necessary images for your reference.

Package.json: image

Package.lock.json: image

node_modules: image

If you have any further questions or need additional assistance, please feel free to reach out to us at any time. We're here to help.

Regards, Mohamed Imran T

Mohamed7Imran avatar Mar 05 '24 04:03 Mohamed7Imran

Since there has been no activity on this issue for over a week, we are closing it as part of our routine maintenance. If the previously shared solution doesn't resolve the problem or if you have additional information to assist us, please feel free to reopen the issue. We appreciate your understanding.

gsumankumar avatar Mar 26 '24 05:03 gsumankumar