This project uses npm audit to scan dependencies for vulnerabilities and automatically install any compatible updates to vulnerable dependencies. The security audit is also integrated into the project's CI pipeline via audit-ci command which fails the build if there is any vulnerability found. It is possible to ignore specific errors by whitelisting them in audit-ci config..
Whenever you whitelist a specific advisory it is required to refer it to here and justify the whitelisting.
| # | Level | Module | Title | Explanation |
|---|---|---|---|---|
| 1085318 | critical | flat | flat vulnerable to Prototype Pollution | @identity.com/credential-commons, @identity.com/uca |
| 1086450 | moderate | highlight.js | ReDOS vulnerabities: multiple grammars | node_modules/highlight.js |
| 1085550 | high | marked | Inefficient Regular Expression Complexity in marked | node_modules/highlight.js |