I ran nsp on a project I'm about to deploy and i got this vulnerability
Name │ mime
CVSS │ 7.5 (High)
Installed │ 1.2.11
Vulnerable │ < 1.4.1 || > 2.0.0 < 2.0.3
Patched │ >= 1.4.1 < 2.0.0 || >= 2.0.3
Path │ [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
More Info │ https://nodesecurity.io/advisories/535
Now i understand that i need to update "mime" dependency but my problem is that the vulnerability is inside a dependency of a dependency of a dependency.
My 'winston-s3' dependency is up-to-date, when I'm going to 'node_modules/winston-s3/node_modules/winston/' there is no 'node_modules' directory and the "mime" dependency in the the main 'node_modules' directory is up-to-date so i guess that winston-s3 is not using this code.
Any idea how to fix this?
Thanks alot!
