ui-circulation ships with a ReDoS (regular expressions denial of service) vulnerability.
Steps to Reproduce:
snyk.io and yarn why codemirror show this dependency path:
codemirror before 5.58.2 has a ReDoS (regular expressions denial of service) vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
react-codemirror2 before 7.0.0 depends on a vulnerable codemirror version: https://github.com/scniro/react-codemirror2/commit/1801460b2c35db1372afe221b070143b6e52199c
react-codemirror2 from 7.0.0 depends on a fixed codemirror version.
Upgrade react-codemirror2 from 1.0.0 to a version that is >=7.0.0.