fix(api): update dependency nanoid to v5.0.9 [security] #1436
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
MSC-2024-8222Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> @weareinreach/ui-0.100.0.tgz (Root Library) -> ahooks-3.8.1.tgz -> ❌ intersection-observer-0.12.2.tgz (Vulnerable Library) |
 Critical |
9.8 | intersection-observer-0.12.2.tgz | #289 | |
CVE-2024-55565Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> @weareinreach/app-0.100.0.tgz (Root Library) -> next-14.2.16.tgz -> postcss-8.4.31.tgz -> ❌ nanoid-3.3.7.tgz (Vulnerable Library) |
 High |
7.5 | nanoid-3.3.7.tgz | Upgrade to version: nanoid - 3.3.8,5.0.9 | #654 |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2024-55565 | nanoid-5.0.7.tgz |
Base branch total remaining vulnerabilities: 2
Base branch commit: 6822567dcd269cd39bf399c01866ec79ee323bac
Total libraries scanned: 1248
Scan token: 4b8ac596cccc419b9126c9293192de34