Security Vulnerability on devDependency [email protected] - CVE-2022-37599, CVE-2022-37603 #44260
Open
1 task done
Comments
|
This issue has been automatically marked as stale due to two years of inactivity. It will be closed in 7 days unless there’s further input. If you believe this issue is still relevant, please leave a comment or provide updated details. Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Verify canary release
Provide environment information
Operating System:
Platform: darwin
Arch: arm64
Version: Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:20 PDT 2021; root:xnu-7195.141.6~3/RELEASE_ARM64_T8101
Binaries:
Node: 16.10.0
npm: 7.24.1
Yarn: 1.22.18
pnpm: N/A
Relevant packages:
next: 12.2.2
eslint-config-next: N/A
react: 17.0.2
react-dom: 17.0.2
Which area(s) of Next.js are affected? (leave empty if unsure)
No response
Link to the code that reproduces this issue
N/A
To Reproduce
N/A
Describe the Bug
A security vulnerability has been raised on one of next.js devDependency [email protected]
Vulnerability Report
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37603
Location
https://github.com/vercel/next.js/blame/canary/packages/next/package.json#L225
Expected Behavior
Upgrade to version [email protected]
Which browser are you using? (if relevant)
No response
How are you deploying your application? (if relevant)
No response
The text was updated successfully, but these errors were encountered: