Find anything about our product, documentation, and more.

Blazor Components | 70+ Native UI Controls | Syncfusion®

https://www.syncfusion.com/blazor-components

The Syncfusion^® native Blazor components library offers 70+ UI and Data Viz web controls that are responsive and lightweight for building modern web apps.

.NET PDF Framework | C# / VB.NET PDF API | Syncfusion®

https://www.syncfusion.com/pdf-framework/net

.NET PDF framework is a high-performance and comprehensive library used to create, read, merge, split, secure, edit, view, and review PDF files in C#/VB.NET.

155+ Xamarin UI controls for iOS, Android & UWP apps | Syncfusion®

https://www.syncfusion.com/xamarin-ui-controls

Over 155 Xamarin UI controls to create cross-platform native mobile apps for iOS, Android, UWP and macOS platforms from a single C# code base.

My Dashboard

SIGN OUT

NPM: cldr -> 4 low severity vulnerabilities

1 Reply
2 Participants
Marked answer

Created by
LS Laurin S

Platform
JavaScript - EJ 2

Platform
JavaScript - EJ 2

Control
General

Created On
Apr 19, 2021 12:39 PM UTC

Last Activity On
Apr 20, 2021 06:42 AM UTC

Want to subscribe?
SIGN IN

# npm audit report

minimist <0.2.1 || >=1.0.0 <1.2.3

Prototype Pollution - https://npmjs.com/advisories/1179

No fix available

node_modules/mkdirp/node_modules/minimist

mkdirp 0.4.1 - 0.5.1

Depends on vulnerable versions of minimist

node_modules/mkdirp

cldr-data-downloader *

Depends on vulnerable versions of mkdirp

node_modules/cldr-data-downloader

cldr-data *

Depends on vulnerable versions of cldr-data-downloader

node_modules/cldr-data

4 low severity vulnerabilities

Any idea?

dependency: "cldr-data": "^36.0.0",

1 Reply 1 reply marked as answer

JA Jesus Arockia Sankaran S Syncfusion Team April 20, 2021 06:42 AM UTC

Hi Laurin,

Sorry for the inconvenience.

We have checked the reported issue and we suspect that it is not from Syncfusion packages. This vulnerability issue comes from the “cldr-data” NPM package. However, we request you to check the below blog post for more details.

Blog: https://itnext.io/fixing-security-vulnerabilities-in-npm-dependencies-in-less-than-3-mins-a53af735261d

Below configuration in package.json file fixes the reported issue.

"scripts": {

"preinstall": "npx npm-force-resolutions"

"resolutions": {

"minimist": "^1.2.5"

"dependencies": {

"cldr-data": "^36.0.0"

}

Reference Image:

Please get back to us if you have any queries.

Regards,

Jesus Arockia Sankaran S

Marked as answer

1 Reply
2 Participants
Marked answer
Want to subscribe?
SIGN IN
Created by
LS Laurin S
Platform
JavaScript - EJ 2
Control
General
Created On
Apr 19, 2021 12:39 PM UTC
Last Activity On
Apr 20, 2021 06:42 AM UTC

.NET PDF Processing Library

.NET PDF Processing Library

Viewer Component

Conversions

.NET Word Processing Library

.NET Word Processing Library

Editor Component

Conversions

.NET Excel Processing Library

.NET Excel Processing Library

Editor Component

Conversions

.NET PowerPoint Processing Library

.NET PowerPoint Processing Library

Conversions

NPM: cldr -> 4 low severity vulnerabilities

Enterprise Solutions

.NET PDF Processing Library

.NET PDF Processing Library

Viewer Component

Conversions

.NET Word Processing Library

.NET Word Processing Library

Editor Component

Conversions

.NET Excel Processing Library

.NET Excel Processing Library

Editor Component

Conversions

.NET PowerPoint Processing Library

.NET PowerPoint Processing Library

Conversions

Learning

Resources

Support

NPM: cldr -> 4 low severity vulnerabilities