Skip to content

refresh lockfile to automatically remove the vulnerability introduced by [email protected] #6

Description

@paimon0715

Hi, @mkohanim, I have reported a vulnerability issue in package mqtt.

As far as I am aware, vulnerability CVE-2021-32640 detected in package ws(<5.2.3,>=6.0.0 <6.2.2,>=7.0.0 <7.4.6) is directly referenced by  [email protected], on which your package [email protected] transittively depends. As such, this vulnerability can also affect [email protected] via the following path:
[email protected][email protected][email protected][email protected](vulnerable version)

Since mqtt has released a new patched version [email protected] to resolve this issue ([email protected][email protected][email protected](fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
[email protected][email protected][email protected][email protected](vulnerability fix version).

dependency path

A warm tip.^_^

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions