Vulnerabilities again: npm i -D @forge/cli@lates: 23 vulnerabilities (9 low, 4 moderate, 10 high) (@forge/cli version 12.17.0).
Do you guys have some automated audit process?
When submitting a Forge app to the Markeplace, we have to fill a form with Application Security question:
- Did you review the app’s 3rd party dependencies (i.e. open-source or external libraries) for vulnerabilities using automated tools? and, do you plan to keep these dependencies up to date?
So, yes, we keep our dependencies up to date. But cannot publish any Forge app since Atlassian does not update it’s own libraries and tools.