CU - Resolve high severity Dependabot vulnerability alerts

department-of-veterans-affairs / va-mobile-app

"If VA were a company, it would have a flagship mobile app."

https://department-of-veterans-affairs.github.io/va-mobile-app/

12 stars 2 forks source link

CU - Resolve high severity Dependabot vulnerability alerts #8766

Open theodur opened 3 months ago

theodur commented 3 months ago

Proposed Change

Resolving high severity vulnerability alerts from Dependabot by upgrading the necessary packages.

Why Should We Prioritize?

High severity vulnerabilities can impact the security of the mobile app.

Coding Time Estimation

Testing Considerations

Checklist

[ ] Add the relevant team label (Health, global, etc.)
[ ] Attach to the Engineering Initiatives (Frontend) epic

theodur commented 3 months ago

All vulnerabilities can be resolved (PR) except for the ip vulnerability. There isn't a patch out for ip yet, so I'll keep this ticket open and mark it as externally blocked in the meantime