Chore:update NPM packages (esp formidable)
Closed this issue · 3 comments
chrisbc commented
done when:
- https://github.com/GNS-Science/nshm-model-graphql-api/security/dependabot/22 is resolved
- new deployments to deploy-test and prod
chrisbc commented
About the Formidable Vulnerablity:
the formidable NPM library is a serverless framework dependency. We use this for deployment related tasks only, it's not a AWS runtime component, and none of our API services, provide a form upload feature (where this vulnerability applies).
Resolution:
We should address this as explained here as part of normal maintenance cycle, so future deployments include this fix.
rbambirra commented
Can someone provide an estimated timeline for the completion of this task?