Even though the security vulnerability was correctly fixed in release version 4.5.1 by this PR (https://github.com/mcollina/msgpack5/pull/99), the dist folder was left unchanged. As a result, the code in the dist folder is still old. Vulnerability scanning tools like JFrog Xray parse each and every file. As a result, msgpack5 version 4.5.1, when used in a Node.js app, is still detected as vulnerable.
Even though it doesn't pose any real threat, it's good practice to keep the dist folder updated as well. This is to ensure compliance with most security tools.
Can someone please fix this?