GSA / data.gov

Main repository for the data.gov service
https://data.gov

POSTCSS 12012023 - Improper Input Validation #4545

Closed Jin-Sun-tts closed 12 hours ago

Jin-Sun-tts commented 7 months ago

_Please keep any sensitive details in Google Drive._

Date of report: 2023-12-01
Severity: Moderate
Due date: 2024-03-01

The due date is based on severity, as described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

* When a finding is identified, we create two issues: one to address the specific instance identified in the report, and the other to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://docs.google.com/document/d/1rW0VOzfCrjXOI0O1gTAOm225_fTbu5Cjrg7yJTYYBBg/edit#bookmark=kix.aujuf67rbe01

hkdctol commented 3 weeks ago

Test if pinning to the exact fixed version solves the problem, or investigate whether Snyk is not reporting properly in this instance.

Jin-Sun-tts commented 13 hours ago

The INFLIGHT one is related to a memory leak, which does not affect a static site.

For the other one, POSTCSS, we are on the fixed version (8.4.38) for the main dependency, but some other dependencies in the lockfile depend on postcss@7, which does not have backported fixes. See https://github.com/postcss/postcss/pull/1890
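The situation described in the comments above (the direct dependency is on a fixed version, yet the scanner still flags the package because another dependency pulls in an older major) can be confirmed directly from the lockfile. The script below is an added example, not code from the data.gov repository or from anyone in this thread: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3), lists every installed copy of a named package, marks copies older than a given fixed version, and, using Node's nearest-ancestor `node_modules` resolution, shows which dependents actually load each copy. The lockfile content and the package name `legacy-css-tool` are constructed for illustration; 8.4.38 is used as the fixed version because that is what the comment reports.

```javascript
// Added example (not the project's code): audit every installed copy of one
// package in a package-lock.json v2/v3 "packages" map and report which
// dependents resolve to each copy. SAMPLE_LOCK is constructed for
// illustration; "legacy-css-tool" is a hypothetical package.

const SAMPLE_LOCK = {
  name: "example-site",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "example-site",
      dependencies: { postcss: "^8.4.38", "legacy-css-tool": "^1.0.0" },
    },
    "node_modules/postcss": { version: "8.4.38" },
    "node_modules/legacy-css-tool": {
      version: "1.0.0",
      dependencies: { postcss: "^7.0.0" },
    },
    // Nested copy: npm installs a second postcss here because the range
    // "^7.0.0" cannot be satisfied by the hoisted 8.4.38.
    "node_modules/legacy-css-tool/node_modules/postcss": { version: "7.0.39" },
  },
};

// Parse "major.minor.patch"; any prerelease/build suffix is dropped.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Node-style resolution inside the lockfile: the copy that a package at
// `fromPath` loads is the nearest "node_modules/<dep>" found walking upwards
// from its own directory. "" is the project root.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// One finding per installed copy of `pkgName`:
// { path, version, vulnerable, requiredBy: [dependent paths] }.
function auditPackage(lock, pkgName, fixedVersion) {
  const packages = lock.packages || {};
  const findings = new Map();
  const suffix = "node_modules/" + pkgName;
  for (const [path, entry] of Object.entries(packages)) {
    if (path === suffix || path.endsWith("/" + suffix)) {
      findings.set(path, {
        path,
        version: entry.version,
        vulnerable: compareVersions(entry.version, fixedVersion) < 0,
        requiredBy: [],
      });
    }
  }
  // Second pass: attribute each copy to the packages that resolve to it.
  for (const [path, entry] of Object.entries(packages)) {
    const deps = Object.assign(
      {}, entry.dependencies, entry.devDependencies, entry.optionalDependencies
    );
    if (!(pkgName in deps)) continue;
    const target = resolveDep(packages, path, pkgName);
    if (target && findings.has(target)) {
      findings.get(target).requiredBy.push(path === "" ? "(root)" : path);
    }
  }
  return [...findings.values()];
}

function formatReport(findings) {
  return findings
    .map((f) => `${f.vulnerable ? "VULNERABLE" : "ok        "} ${f.version.padEnd(8)} ` +
                `${f.path}  <- ${f.requiredBy.join(", ") || "(unreferenced)"}`)
    .join("\n");
}

console.log(formatReport(auditPackage(SAMPLE_LOCK, "postcss", "8.4.38")));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. Scanners such as Snyk and `npm audit` evaluate every copy in the lockfile, so a nested `postcss@7` keeps the finding open even when the direct dependency is on 8.4.38; the `requiredBy` column identifies the dependent whose range forces the old major. An npm `overrides` entry can collapse all copies onto one version, but only if that dependent actually works with the newer major (postcss 8 changed its plugin API), so the dependent's own upgrade path is usually the real fix.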