After running a docker scout CVE report on a nodejs container that had fluent-ffmpeg installed, a high severity vulnerability was identified on the Async package. The defined version of Async in fluent-ffmpeg's package.json is ^0.2.9 where the vulnerability is fixed many versions later: 2.6.4, 3.2.2.
Are there any plans to update Async to a newer version?
Version information
Expected results
After running a docker scout CVE report on a nodejs container that had
fluent-ffmpeginstalled, a high severity vulnerability was identified on theAsyncpackage. The defined version ofAsyncinfluent-ffmpeg'spackage.jsonis^0.2.9where the vulnerability is fixed many versions later:2.6.4, 3.2.2. Are there any plans to updateAsyncto a newer version?