Skip to content

"merge" lib. dependency #495

@raul320pl

Description

@raul320pl

🐛Bug report

Describe the bug
there is a problem with "merge" dependency:
Przechwytywanie

To Reproduce
npx create-react-app xxx
npm install react-timeseries-charts
npm audit

this will return:

merge  <2.1.1
Severity: high
Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp
No fix available
node_modules/merge
  react-timeseries-charts  *
  Depends on vulnerable versions of merge
  node_modules/react-timeseries-charts

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions