Deep dependency on this critical vulnerability version of formdiable

Question

Opened this issue 2 months ago · 1 comments

There is a deep dependency on a package formidable which contains a critical vulnerability (GHSA-8cp3-66vr-3r4c).

The vulnerability can be fixed like this for now:

"overrides": { "path-loader": { "superagent": "9.0.0" }, }

On serverless 3.38.0.

Answer 1 · 2024-05-09T21:55:05.000Z

Is this project still maintained? Last release 2023-11-21, with a critical vulnerability, and no patch in two weeks since posted?