'Simple pilist prototype pollution dependabot alert

I’m working on a JavaScript/typescript project and I have used the github provided code scanner CI. Until one day I found a warning popping up saying:”simple-plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().” I thought updating the package should fix it but github says there was not patched version. I’m just wondering should I ignore this warning or should I do something about it? Even know they said this is a critical vulnerability 9.8/10.bit

Any help will be appreciated!

github-actionsdependabot


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

npm ci can only install packages with an existing package-lock.json or npm-shrinkwrap.json with lockfileVersion >= 1

How to execute MSI file on Github Actions (windows-latest runner)

How to set environment variables in GitHub actions using python

Deploy individual services from a monorepo using github actions

How to run GitHub Actions workflows locally?

How to implement semantic versioning in GitHub Actions workflow?

Dynamic Github Actions Steps

commitlint not able to make scope optional

how to run GitHub Action after outage?

Repository Name as a GitHub Action environment variable?

Angular test fails to run with ChromeHeadlessCI in Github Action

Github cli in Action not running workflow

GitHub Actions Failed to Deploy changes to Heroku

Github Actions - No Such File or Directory on Any Run Step

GitHub actions: default branch variable