17 security issues

[TheSnowGuru]

ansi-html
1 ansi-html vulnerability found in package-lock.json 5 days ago
Remediation
No patched version is available.

Details
CVE-2021-23424
high severity
Vulnerable versions: <= 0.0.7
Patched version: No fix
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.

and I found many other security issues you should attend and fix, thank you!

[TheSnowGuru]

1. immer critical severity
2. yarn.lock - follow-redirects - high severity
3. yarn.lock - ansi-html high severity
4. package-lock.json glob-parent high severity
5. yarn.lock follow-redirects high severity
6. package-lock.json ansi-html high severity
7. yarn.lock postcss moderate severity
8. yarn.lock ansi-regex moderate severity
9. yarn.lock react-bootstrap-table moderate severity
10. package-lock.json json-schema moderate severity
11. yarn.lock browserslist moderate severity
12. yarn.lock nth-check moderate severity
13. yarn.lock postcss moderate severity
14. package-lock.json node-fetch low severity
15. package-lock.json node-forge low severity
16. yarn.lock node-forge low severity
17. package-lock.json node-fetch low severity

[codedthemes]

Hi, Thanks for notifying us. We are working on BS5 at this moment, so we will check if these issues are resolve after that or not.

[TheSnowGuru]

@codedthemes any news on this?

[codedthemes]

Not yet. This is in our backlog and we will work on it. In the meantime, if you wanna fix it and create PR, I can appreciate it.

[TheSnowGuru]

no clue how to , sorry

[codedthemes]

We have given an update, please check if that works for you. the issues has been reduced from 94 to 22 at this point.

[app-generator]

@codedthemes ty for the fix!
@TheSnowGuru let us know if you need further assistance.