Dependencies should be pinned to exact versions #48

@iuricmp

Description

The application contained multiple dependencies that were not pinned to an exact version but were instead set
to a supported version range (`^x.x.x`). This could potentially allow dependency attacks.

Recommendation

The repository dependencies in the package.json files should be pinned to exact versions to prevent
dependency attacks.
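As an added example (not code from this issue or the project), a small Node.js check that flags any specifier in a package.json that is not an exact version and rewrites the flagged entries to the versions actually resolved (for instance from the lockfile or `npm ls --json`). The sample manifest and the resolved-version map are constructed for the example.

```javascript
// Exact semver: MAJOR.MINOR.PATCH with optional pre-release/build metadata.
// Anything else ("^1.2.3", "~1.2.3", "latest", "*", "file:..") is treated as unpinned.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Sections of package.json that declare installable dependencies.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Returns one finding per dependency whose specifier is not an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_SEMVER.test(spec)) findings.push({ section, name, spec });
    }
  }
  return findings;
}

// Rewrites unpinned specifiers to the version that was actually resolved.
// `resolved` maps package name -> installed version; pinning to the resolved
// version (not the range's lower bound) keeps the build reproducible.
function pinToResolved(pkg, resolved) {
  const out = JSON.parse(JSON.stringify(pkg)); // do not mutate the input
  for (const { section, name, spec } of findUnpinned(pkg)) {
    const version = resolved[name];
    if (!version || !EXACT_SEMVER.test(version)) {
      throw new Error(`no exact resolved version for ${name} (${spec})`);
    }
    out[section][name] = version;
  }
  return out;
}

// Constructed sample manifest: one pinned entry, three range/tag specifiers.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { express: '4.18.2', lodash: '^4.17.21', 'left-pad': 'latest' },
  devDependencies: { jest: '~29.6.0' },
};
// Constructed resolved versions, as a lockfile or `npm ls --json` would report them.
const SAMPLE_RESOLVED = { lodash: '4.17.21', 'left-pad': '1.3.0', jest: '29.6.4' };

// CLI use: `node check-pins.js path/to/package.json` prints every unpinned entry.
if (typeof require !== 'undefined' && require.main === module && process.argv[2]) {
  const pkg = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
  for (const f of findUnpinned(pkg)) console.log(`${f.section}: ${f.name} "${f.spec}" is not pinned`);
}
```

Pinning in package.json alone does not pin transitive dependencies; a committed lockfile and `npm ci` are still needed for those.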

Labels: bug, security