High severity vulnerability (5.5.1)

Posted: Tue Oct 20, 2020 3:32 pm
by klodoma

Could you fix the vulnerability warning in "siesta-lite": "^5.5.1"?

npm audit

                   === npm audit security report ===


                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance


  High            Prototype Pollution in node-forge

  Package         node-forge

  Patched in      >= 0.10.0

  Dependency of   siesta-lite [dev]

  Path            siesta-lite > node-easy-cert > node-forge

  More info       https://npmjs.com/advisories/1561

found 1 high severity vulnerability in 1404 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Thanks
Andrei


Re: High severity vulnerability (5.5.1)

Posted: Wed Oct 21, 2020 9:42 am
by nickolay

Might not be trivial, as it's a vulnerability in a dependency of one of Siesta's dependencies, but we'll do our best! Thanks for the report.
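
Added example, not part of the thread or of Siesta's code: a way to confirm from a lockfile which installed copies of a transitive package are still below the patched version that `npm audit` names. It assumes the nested `dependencies` layout of a version 1 `package-lock.json`; the sample lockfile and the version numbers in it are constructed, and the function names are hypothetical.

```javascript
// Constructed sample in package-lock.json v1 layout (nested "dependencies").
// Version numbers other than siesta-lite 5.5.1 are made up for illustration.
const sampleLock = {
  name: "my-app",
  dependencies: {
    "siesta-lite": {
      version: "5.5.1",
      dev: true,
      dependencies: {
        "node-easy-cert": {
          version: "1.0.0",
          dependencies: { "node-forge": { version: "0.6.49" } }
        }
      }
    },
    // A second, already patched copy hoisted to the top level.
    "node-forge": { version: "0.10.0" }
  }
};

// Parse "x.y.z" into numbers; prerelease/build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison: a string compare would wrongly rank "0.6.49" above "0.10.0".
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the install tree and report every copy of pkgName below patchedIn.
// The reported path is where the copy sits in the lockfile tree.
function findVulnerableCopies(lock, pkgName, patchedIn) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === pkgName && isBelow(info.version, patchedIn)) {
        hits.push({ path: here.join(" > "), version: info.version });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}
```

Running `findVulnerableCopies(lock, "node-forge", "0.10.0")` against a project's own parsed lockfile after an upgrade shows whether any copy below the patched version remains.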