We noticed this repo pulls in event-stream at version 3.3.6 as a dependency. This version has had malicious code injected into it (see dominictarr/event-stream#116 for more information) and we recommend that you either upgrade to 4.0.1 or downgrade to 3.3.4 as soon as possible.
(Dependabot can't generate downgrade PRs for sub-dependencies at the moment, but we wanted to warn you about the issue all the same.)
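Because the warning concerns a sub-dependency, the affected version may sit several levels down in the lockfile rather than in `package.json`. The following is an added example, not Dependabot's or the project's own code: it walks a parsed `package-lock.json` in either the nested (lockfileVersion 1) or flat `packages` (lockfileVersion 2/3) layout and returns every install path where `event-stream` resolves to `3.3.6`. The package name `example-tool` and both sample lockfiles are constructed for illustration.

```javascript
// Added example: locate event-stream@3.3.6 anywhere in a parsed package-lock.json.
const BAD = { name: 'event-stream', version: '3.3.6' }; // version named in the notice

// lockfileVersion 1: nested "dependencies" objects keyed by package name.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (name === BAD.name && info.version === BAD.version) hits.push(path.join(' > '));
    walkV1(info.dependencies, path, hits); // descend into nested installs
  }
  return hits;
}

// lockfileVersion 2/3: flat "packages" map keyed by install path
// such as "node_modules/a/node_modules/b" (the root project has key "").
function walkPackages(packages, hits) {
  for (const [key, info] of Object.entries(packages || {})) {
    const parts = key.split('node_modules/').filter(Boolean).map(p => p.replace(/\/$/, ''));
    if (parts[parts.length - 1] === BAD.name && info.version === BAD.version) {
      hits.push(parts.join(' > '));
    }
  }
  return hits;
}

// Prefer "packages" when present: v2 lockfiles carry both layouts for the same tree.
function findCompromised(lock) {
  return lock.packages ? walkPackages(lock.packages, []) : walkV1(lock.dependencies, [], []);
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'example-tool': { version: '1.0.0',
    dependencies: { 'event-stream': { version: '3.3.6' } } },
  'event-stream': { version: '3.3.4' },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '0.0.0' },
  'node_modules/event-stream': { version: '4.0.1' },
  'node_modules/example-tool/node_modules/event-stream': { version: '3.3.6' },
} };

console.log(findCompromised(sampleV1)); // nested layout
console.log(findCompromised(sampleV3)); // flat layout
```

To check a real project, pass `findCompromised` the result of `JSON.parse` on its `package-lock.json`. The returned paths are install locations, which show which top-level package carries the nested copy.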