Security Warning: CVE-2021-44228 flagged by Wiz

Hey!

I'm opening this issue because my security scanner (Wiz) flagged a potential vulnerability: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q (Log4Shell) in a project that uses react-native-get-random-values.

This is breaking a number of our builds within the corporate finance sector. Is there any chance you can use a different library to accomplish this goal or remove this library?

### Here's the context:
Package: react-native-get-random-values
Link to your `package.json` - https://github.com/coveo/coveo.analytics.js/blob/master/package.json#L28
Dependency tree: indirectly used through `coveo.analytics`

### Scanner: Wiz
CVE: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)

Additionally, I have opened a PR in the offending app, but I am not sure it's actually maintained anymore
* Related PR - https://github.com/LinusU/react-native-get-random-values/pull/65
* Related Issue - https://github.com/LinusU/react-native-get-random-values/issues/64


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security Warning: CVE-2021-44228 flagged by Wiz #483

Here's the context:

Scanner: Wiz

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Warning: CVE-2021-44228 flagged by Wiz #483

Description

Here's the context:

Scanner: Wiz

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions