Hi, @mkohanim, I have reported a vulnerability issue in package mqtt.
As far as I am aware, vulnerability CVE-2021-32640 detected in package ws(<5.2.3,>=6.0.0 <6.2.2,>=7.0.0 <7.4.6) is directly referenced by [email protected], on which your package [email protected] transittively depends. As such, this vulnerability can also affect [email protected] via the following path:
[email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected](vulnerable version)
Since mqtt has released a new patched version [email protected] to resolve this issue ([email protected] ➔ [email protected] ➔ [email protected](fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
[email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected](vulnerability fix version).

A warm tip.^_^
Hi, @mkohanim, I have reported a vulnerability issue in package mqtt.
As far as I am aware, vulnerability CVE-2021-32640 detected in package ws(<5.2.3,>=6.0.0 <6.2.2,>=7.0.0 <7.4.6) is directly referenced by [email protected], on which your package [email protected] transittively depends. As such, this vulnerability can also affect [email protected] via the following path:
[email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected](vulnerable version)Since mqtt has released a new patched version [email protected] to resolve this issue ([email protected] ➔ [email protected] ➔ [email protected](fix version)), then this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path :
[email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected](vulnerability fix version).A warm tip.^_^