Dependabot alert for node-forge vulnerability (CVE-2022-24773) #10833
Hi everyone, I'm encountering a Dependabot alert for a vulnerability in the node-forge package used by @vue/cli-service. This vulnerability can potentially allow for RSA signature forgery under certain conditions. Details:
The issue: Questions:
Thank you!
Replies: 1 comment 3 replies
Vue CLI is not maintained any longer
Maybe something like yarn resolutions (or equivalent in other package managers). In the worst case you could clone vue cli and patch it yourself. If you don't want to change the tool you can also consider upgrading vue cli to 5.
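
The override approach suggested in the reply, as an added example that is not part of the original thread: it writes the pin into the field each package manager reads, then checks an npm v2/v3 `package-lock.json` for copies of the package that are still older than the pin. The helper names, the sample lockfile and every version number are constructed for illustration; take the real patched version from the Dependabot alert.

```javascript
// Constructed sample lockfile: every version number here is a placeholder.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app" },
  "node_modules/node-forge": { version: "2.0.0" },
  "node_modules/@vue/cli-service/node_modules/node-forge": { version: "1.0.0" },
} };

// package.json field each package manager reads to force a transitive version.
const OVERRIDE_FIELD = {
  yarn: ["resolutions"],
  npm: ["overrides"], // npm 8.3 and later
  pnpm: ["pnpm", "overrides"],
};

// Return a copy of package.json with `name` forced to `range` (hypothetical helper).
function addOverride(pkgJson, manager, name, range) {
  const path = OVERRIDE_FIELD[manager];
  if (!path) throw new Error(`unsupported package manager: ${manager}`);
  const out = JSON.parse(JSON.stringify(pkgJson));
  let node = out;
  for (const key of path) node = node[key] = node[key] || {};
  node[name] = range;
  return out;
}

// Compare plain x.y.z versions (pre-release tags not handled); negative when a < b.
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// List every installed copy of `name` in the lockfile older than `minVersion`.
// Nested copies matter: an override that did not apply leaves one behind.
function findStaleCopies(lock, name, minVersion) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === suffix || p.endsWith(`/${suffix}`))
    .filter(([, meta]) => cmpVersion(meta.version, minVersion) < 0)
    .map(([p, meta]) => ({ path: p, version: meta.version }));
}
```

After editing `package.json`, reinstall so the lockfile is regenerated, then run `findStaleCopies` on the new lockfile; an empty result means no older copy remains in the tree.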