There are a few security vulnerabilities in downstream dependencies. In particular:
cheerio
- v0.22.0 is from many years ago. Unfortunately only 1.x release candidates in more recent years.
webpack-dev-server
- unblocking a version upgrade from 4.x to 5.x eliminates many vulnerabilities in @forge/tunnel
Is there a chance this might be looked at shortly?
Our test suite passes if I allow these upgrades but I can only do this via a custom package for @forge/cli and @forge/tunnel.
npm audit reports 17 vulnerabilities (1 low, 2 moderate, 13 high, 1 critical) with @forge/cli on 7.1.0 and 8.0.0 (latest)
NOTE: they are devDependencies
Best regards,
Nigel