Vulnerability detected in node-forge

You could try

npm update

This should update all packages to the latest version, respecting the semantic versioning rules in your package.json / package-lock.json.

You can also try allowing Dependabot to generate a pull request to fix the issue. If you select the alert itself you should see a button like so:

Dependabot

This will attempt to create a pull request (this won't always succeed) and will take a few minutes usually. Once this is complete you can review and merge.


Causation:

[email protected] needs to be updated to node-forge@^0.10.0

Solution (NPM)

rm -rf node-modules

rm package.lock

npm cache clean

npm i

Solution (Yarn)

rm -rf node_modules

rm yarn.lock

yarn cache clean

yarn

Explanation

This should cause the library that's using node-forge to update its own dependencies.