Security Vulnerability in dependency

Question

broughtonkkornl opened this issue 3 years ago · comments

Please update your shortid dependency to remove this moderate vulnerability:

Andrey Sitnik · Answer 1 · Tue Feb 01 2022 01:10:18 GMT+0800 (China Standard Time)

It is false alarm. This security issue doesn’t affect Nano ID 2.x.

I am trying to contact Snyk, but they are silent for some reason.

Andrey Sitnik · Answer 2 · Tue Feb 01 2022 02:53:44 GMT+0800 (China Standard Time)

Snyk told that CVE was changed and will be updated in a few days.

broughtonkkornl · Answer 3 · Tue Feb 01 2022 02:57:25 GMT+0800 (China Standard Time)

Andrey: I appreciate the quick response, I am happy to hear it is being addressed. Thanks, Kim Broughton

________________________________ From: Andrey Sitnik ***@***.***> Sent: Monday, January 31, 2022 1:53 PM To: dylang/shortid ***@***.***> Cc: Broughton, Kim ***@***.***>; Author ***@***.***> Subject: [EXTERNAL] Re: [dylang/shortid] Security Vulnerability in dependency (Issue #164) Snyk told that CVE was changed and will be updated in a few days. — Reply to this email directly, view it on GitHub<#164 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APONKIZGYQAQT3FJQ5FFF6DUY3LEHANCNFSM5NGYYELQ>. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you authored the thread.Message ID: ***@***.***>