Skip to content

Upgrade dependency tmp@0.2.3 #1397

Description

@remarkablemark

Problem

Upgrade vulnerable dependency tmp (https://ecosystem.atlassian.net/browse/AMS-56000):

tmp@0.2.3 has a high severity vulnerability identified by GHSA-ph9p-34f9-6g65: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape. This vulnerability was fixed in version 0.2.6.

Which is coming from @forge/cli:

└─┬ @forge/cli@12.21.0
  ├─┬ @forge/bundler@6.2.0
  │ └── tmp@0.2.3 deduped
  ├─┬ @forge/cli-shared@8.23.0
  │ ├─┬ inquirer@8.2.6
  │ │ └─┬ external-editor@3.1.0
  │ │   └── tmp@0.0.33
  │ └── tmp@0.2.3 deduped
  ├─┬ @forge/tunnel@6.4.0
  │ └── tmp@0.2.3 deduped
  └── tmp@0.2.3

Suggested Solution

Wait for forge dependencies to be upgraded

Keywords

tmp,package.json,dependency

Metadata

Metadata

Labels

bugSomething isn't working

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions