All versions of
@risingstack/protect are vulnerable to Cross-Site Scripting. The
No fix is currently available. Consider using an alternative package. The package is not actively maintained and will not be patched.