@elastic.io/maester-client/.nsprc

The official object-storage client

{
    "GHSA-f8q6-p94x-37v3": {
            "active": true,
            "notes": "A long dependency chain from 'bunyan' till 'minimatch'. 'bunyan' uses 'minimatch' only via an optional dependency 'mv', which we don't install. So not affected"
    },
    "GHSA-27h2-hvpr-p74q": {
        "active": true,
        "notes": "The vulnerability is in maester-client v4.x because of cross-dependency with component-commons-library. Maester-client of v4.x doesn't use jwt.verify function. So not affected"
    }
}