Transitive Critical Vulnerability through `flux`
eallen10 opened this issue
eallen10 commented
`flux` version `4.0.2` contains a nested transitive dependency on version `2.6.1` of `node-fetch`:
flux/4.0.2
fbjs/3.0.0
cross-fetch/3.1.4
node-fetch/2.6.1
A simple version bump to the latest flux `4.0.3` should resolve this vuln by bubbling down the newer versions of the transitive deps which result in node-fetch `2.6.7`.
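
An added example, not part of the original issue or the project's code: one way to confirm a chain like the one reported above is to walk a dependency tree in the shape `npm ls --all --json` emits and list every path to `node-fetch` below `2.6.7`. The tree is constructed to mirror the issue, and `example-app`, `compareVersions` and `findVulnerablePaths` are hypothetical names.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output,
// mirroring the chain reported in the issue. "example-app" is hypothetical.
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    flux: {
      version: "4.0.2",
      dependencies: {
        fbjs: {
          version: "3.0.0",
          dependencies: {
            "cross-fetch": {
              version: "3.1.4",
              dependencies: { "node-fetch": { version: "2.6.1" } },
            },
          },
        },
      },
    },
  },
};

// Compare two plain x.y.z versions; returns <0, 0 or >0.
// Pre-release and build tags are not handled.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Walk the tree and return every chain that ends at `target` below `fixedVersion`.
function findVulnerablePaths(tree, target, fixedVersion, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const chain = [...trail, `${name}/${node.version}`];
    const old = node.version && compareVersions(node.version, fixedVersion) < 0;
    if (name === target && old) hits.push(chain);
    hits.push(...findVulnerablePaths(node, target, fixedVersion, chain));
  }
  return hits;
}

console.log(findVulnerablePaths(sampleTree, "node-fetch", "2.6.7").map((c) => c.join(" > ")));
```

Running the same walk after the bump shows whether any path still resolves to an older `node-fetch`, which matters when more than one top-level package pulls it in.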