Vulnerabilities in Package

[G26Bandit]

Bug report for Cloudinary React Native SDK

Before proceeding, please update to latest version and test if the issue persists

Describe the bug in a sentence or two.

During install process, npm says there are 18 vulnerabilities (14 moderate, 4 high). It installs just fine, but I am a little less than thrilled to be adding it to my project.

Issue Type (Can be multiple)

[ ] Build - Can’t install or import the SDK
[ ] Performance - Performance issues
[ ] Behaviour - Functions aren’t working as expected (Such as generate URL)
[ ] Documentation - Inconsistency between the docs and behaviour
[x] Other (Specify) - Security

Steps to reproduce

Install package using npm

Error screenshots or Stack Trace (if applicable)

Build/Dependency management

[x] Cocoa-Pods
[ ] Carthage
[ ] Manual import
[x] Other (Specify) - npm

Is the issue reproducible only on a specific device?

[x] No - not tested, but given the circumstances, I wouldn't think so
[ ] Yes (specify device model + iOS/Android version)

Versions and Libraries (fill in the version numbers)

React Native Cloudinary SDK version - 1.0.0
OSX (on the dev environment) - 14.5

Repository
If possible, please provide a link to a reproducible repository that showcases the problem

[dannyv-cloudinary]

Hi @G26Bandit. This has been raised internally (ticket ref SNI-8041) and will be addressed accordingly.

Thanks for raising this to us. If there's anything else you need, please don't hesitate to reach out via https://support.cloudinary.com