# sst

Sam N

02/15/2022, 6:34 PM
Does the team run something like `yarn audit` as part of the build process? Are there any plans to fix the vm2 vulnerabilities: https://github.com/advisories/GHSA-6pw2-5hjv-9pf7?

Frank

02/15/2022, 8:51 PM
Hi @Sam N, we currently aren’t running it as part of the build process right now. But that’s a good suggestion. Let me put that down on our roadmap.
Let me see if I can manually resolve the vm2 vulnerability temporarily.
@Sam N dug into this a bit. `vm2` is a dependency of CDK, and the version is pinned to `^3.9.3`. The lock file shows `3.9.6` is being used. So it seems we are not vulnerable to this?
^^`yarn audit` did not report this