High severity vulnerability (5.5.1)

Posted: Tue Oct 20, 2020 3:32 pm
by klodoma

Could you fix the vulnerability warning in "siesta-lite": "^5.5.1"?

npm audit

                   === npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit for additional guidance

  High            Prototype Pollution in node-forge

  Package         node-forge

  Patched in      >= 0.10.0

  Dependency of   siesta-lite [dev]

  Path            siesta-lite > node-easy-cert > node-forge

  More info

found 1 high severity vulnerability in 1404 scanned packages
  1 vulnerability requires manual review. See the full report for details.


Re: High severity vulnerability (5.5.1)

Posted: Wed Oct 21, 2020 9:42 am
by nickolay

Might not be trivial, as it's a vulnerability in a dependency of one of Siesta's dependencies, but we'll do our best! Thanks for the report.
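
An added example, not part of the original thread and not Siesta's own code: a check that walks a dependency tree shaped like `npm ls --json` output and lists every path to `node-forge` below the patched version 0.10.0 from the audit report. The sample tree, the `other-tool` package and all versions except siesta-lite 5.5.1 are constructed for illustration.

```javascript
// Constructed sample shaped like `npm ls --json` output; package versions
// other than siesta-lite 5.5.1 are made up for illustration.
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "siesta-lite": {
      version: "5.5.1",
      dependencies: {
        "node-easy-cert": {
          version: "1.0.0",
          dependencies: { "node-forge": { version: "0.6.49" } },
        },
      },
    },
    "other-tool": { // hypothetical second consumer, already on a patched version
      version: "2.0.0",
      dependencies: { "node-forge": { version: "0.10.0" } },
    },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
// A string comparison would wrongly rank "0.6.49" above "0.10.0".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every dependency path ending at `pkg` with a version below `patched`.
function findUnpatched(tree, pkg, patched, trail = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, name];
    if (name === pkg && compareVersions(node.version, patched) < 0) {
      hits.push({ path: path.join(" > "), version: node.version });
    }
    hits.push(...findUnpatched(node, pkg, patched, path));
  }
  return hits;
}

const report = findUnpatched(sampleTree, "node-forge", "0.10.0");
console.log(report);
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.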