Vulnerability Prototype Pollution

[DaviLhlapak]

A few days ago I went to install my project's packages and npm pointed out 4 critical security errors, but I couldn't understand the solution for it, I didn't find issues that matched the current problem, can you help me?

When running the command npm audit it shows the following text:

# npm audit report

merge  <2.1.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1666
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/merge
  find-node-modules  <=2.1.0
  Depends on vulnerable versions of merge
  node_modules/find-node-modules
    commitizen  >=2.0.0
    Depends on vulnerable versions of cz-conventional-changelog
    Depends on vulnerable versions of find-node-modules
    node_modules/commitizen
      cz-conventional-changelog  >=3.0.2
      Depends on vulnerable versions of commitizen
      node_modules/commitizen/node_modules/cz-conventional-changelog
      node_modules/cz-conventional-changelog

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

These are the versions that I have installed
[email protected]
[email protected]

Thanks in advance for your help.

About this Vulnerability: https://www.npmjs.com/advisories/1666

[ezrafree]

I just ran into this issue as well.

If you're using yarn, I was able to resolve this issue by adding a resolutions object to my package.json:

"resolutions": {
  "merge": "^2.1.1"
}

[aiKrice]

Please up