shortid references to nanoid of ^2.1.0 version which contains vulnerability

Question

VladimirTrunov opened this issue 2 years ago · comments

Hello everyone,

This library references to nanoid of ^2.1.0 version which contains vulnerability. Could anybody please take a look?

Thanks,
-Vladimir

Andrey Sitnik · Answer 1 · Tue Feb 22 2022 02:05:03 GMT+0800 (China Standard Time)

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable

Nano ID 2.1 is not affected.

Vladimir Trunov · Answer 2 · Tue Feb 22 2022 04:24:21 GMT+0800 (China Standard Time)

Oh, yes, I'm sorry