Chore:update NPM packages (esp formidable)

Question

Chore:update NPM packages (esp formidable)

Closed this issue 4 months ago · 3 comments

chrisbc commented 5 months ago

done when:

https://github.com/GNS-Science/nshm-model-graphql-api/security/dependabot/22 is resolved
new deployments to deploy-test and prod

chrisbc commented 4 months ago

in #20

Answer 1 · 2024-04-24T00:57:35.000Z

About the Formidable Vulnerablity:

the formidable NPM library is a serverless framework dependency. We use this for deployment related tasks only, it's not a AWS runtime component, and none of our API services, provide a form upload feature (where this vulnerability applies).

Resolution:

We should address this as explained here as part of normal maintenance cycle, so future deployments include this fix.

Answer 2 · 2024-04-24T13:39:36.000Z

Can someone provide an estimated timeline for the completion of this task?