While attempting to update my package dependency references, I recently discovered known vulnerable versions of webpack are being referenced by the
‘@forge/util’ package. Specifically,
- ‘@forge/api’ v4.0.0
— ‘@forge/util’ 1.4.4
----- ‘webpack’ v5.90.3 – known vulnerable - ‘@atlassian/forge-graphql’ v13.12.1
— ‘@forge/api’ v2.21.0
----- ‘@forge/util’ v1.3.3
------- ‘webpack’ v5.89.0 – known vulnerable
Are there any plans to update these dependency references in the future?