Get help with testing, discuss unit testing strategies etc.


Post by klodoma »

Could you fix the vulnerability warning in "siesta-lite": "^5.5.1"?

npm audit

                   === npm audit security report ===


                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance


  High            Prototype Pollution in node-forge

  Package         node-forge

  Patched in      >= 0.10.0

  Dependency of   siesta-lite [dev]

  Path            siesta-lite > node-easy-cert > node-forge

  More info       https://npmjs.com/advisories/1561

found 1 high severity vulnerability in 1404 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Thanks
Andrei


Post by nickolay »

Might not be trivial, as it's a vulnerability in a dependency of one of Siesta dependencies, but we'll do our best! Thanks for the report.

