You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dependency package of display-notification version 2.0.0 having vulnerability (Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range)
#37
Closed
srinu1111 opened this issue
Aug 24, 2023
· 2 comments
Is there any update on this issue. Can you please update the "display-notification" to the package >2.0.0. We have facing the vulnerability issue in the nested dependency package (semver-5.7.1) of the "display-notification@2.0.0".
Upgrading the "display-notification" package will resolve the issue.
Describe the bug
Node.js version: 18.16.1
OS version: Windows 10
Description: Dependency package of display-notification version 2.0.0 having vulnerability. Latest version of display-notification having fix. Link https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
Actual behavior
Expected behavior
Code to reproduce
Checklist
[ *] I have searched through GitHub issues for similar issues.
[ *] I have completely read through the README and documentation.
[ *] I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.
The text was updated successfully, but these errors were encountered: