Bootstrap dependency is pinned to an insecure version of bootstrap #55
Description
Expected Behavior
npm audit should pass
Current Behavior
npm audit shows a vulnerability in 4.1.3:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ bootstrap │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.4.1 <4.0.0 || >=4.3.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ shards-react │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ shards-react > shards-ui > bootstrap │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/891 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Possible Solution
Upgrade bootstrap to >= 4.3.1
Steps to Reproduce
- Install
shards-reactor any other module that depends on this repo - Run
npm audit