Clear and concise description of the problem
Re: https://huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef/
Thank you for all your hard work on fixing vulnerabilities on the utils lib.
Even after fix on 7.3, platforms such as SonaType are still flagging this package as insecure because one file wasn't updated (index.js) even though the commonJS and ESM versions are clear.
Quote:
The fix for this vulnerability was released for version 0.7.3 and onwards only on the index.mjs and index.cjs files. However the index.js file remains vulnerable.
Suggested solution
index.js should also include the Prototype Pollution fix
Alternative
No response
Additional context
No response
Validations