GSA / challenges-and-prizes


Resolve Dependabot Item #81: Prototype Pollution in async #1959

Closed r-bartlett-gsa closed 1 month ago

r-bartlett-gsa commented 3 months ago

Acceptance criteria:

jdonis commented 2 months ago

Async: A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.

Affected versions

>= 2.0.0, < 2.6.4

Solution: Resolved by upgrading the transitive dependency: the pa11y-ci library was bumped from 3.0.1 -> 3.1.0 (latest). pa11y-ci is the only library that uses a version of Async lower than 3.x.