Problem
Upgrade vulnerable dependency tmp (https://ecosystem.atlassian.net/browse/AMS-56000):
tmp@0.2.3 has a high severity vulnerability identified by GHSA-ph9p-34f9-6g65: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape. This vulnerability was fixed in version 0.2.6.
Which is coming from @forge/cli:
└─┬ @forge/cli@12.21.0
├─┬ @forge/bundler@6.2.0
│ └── tmp@0.2.3 deduped
├─┬ @forge/cli-shared@8.23.0
│ ├─┬ inquirer@8.2.6
│ │ └─┬ external-editor@3.1.0
│ │ └── tmp@0.0.33
│ └── tmp@0.2.3 deduped
├─┬ @forge/tunnel@6.4.0
│ └── tmp@0.2.3 deduped
└── tmp@0.2.3
Suggested Solution
Wait for forge dependencies to be upgraded
Keywords
tmp,package.json,dependency
Problem
Upgrade vulnerable dependency
tmp(https://ecosystem.atlassian.net/browse/AMS-56000):Which is coming from
@forge/cli:Suggested Solution
Wait for forge dependencies to be upgraded
Keywords
tmp,package.json,dependency