Forum Discussion
Luis Valencia
Aug 25, 2021 - Copper Contributor
New SPFx project, Prototype Pollution Vulnerability in the set-getter library
I have a new SPFx project, basically empty, and my company requires that the code is scanned for vulnerabilities using Veracode. The only High finding I could find is this one: https://sca.ana...
Luis Valencia
Aug 25, 2021 - Copper Contributor
I found the problem myself, maybe for future reference for the readers.
I created an empty project and started to use the modern search webpart dependencies, so I copied the package.json and left the project empty.
The problem is in handlebars; through the dependency chain I could find that, very deep, handlebars uses this npm package with vulnerabilities.
I created an issue on GitHub for the modern search community team; I wonder if it can be solved.
https://github.com/microsoft-search/pnp-modern-search/issues/1235
Or if we have to explain to our global security team that this is by design or whatever.
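Added example, not part of the original posts or of the pnp-modern-search project: a Node.js sketch of tracing which top-level dependency pulls in a flagged transitive package by walking an npm lockfile in the v2/v3 `packages` layout. The lockfile below is constructed; only `handlebars` and `set-getter` come from the thread, while `example-intermediate`, `example-ui-lib` and all version numbers are placeholders.

```javascript
// Constructed lockfile (npm v2/v3 "packages" layout); placeholder names/versions.
const sampleLock = {
  packages: {
    "": { dependencies: { "handlebars": "*", "example-ui-lib": "*" } },
    "node_modules/handlebars": {
      version: "0.0.1", dependencies: { "example-intermediate": "*" } },
    "node_modules/example-intermediate": {
      version: "0.0.2", dependencies: { "set-getter": "*" } },
    // Nested copy: only visible to example-intermediate.
    "node_modules/example-intermediate/node_modules/set-getter": { version: "0.0.3" },
    "node_modules/example-ui-lib": { version: "0.0.4" },
  },
};

// Node-style resolution: the nearest node_modules directory wins,
// then each parent package's node_modules, up to the project root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain root > ... > target as arrays of "name@version".
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (path, trail, seen) => {
    const entry = packages[path];
    const deps = { ...entry.dependencies, ...entry.optionalDependencies,
                   ...(path === "" ? entry.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // not installed, or a cycle
      const step = trail.concat(`${name}@${packages[next].version}`);
      if (name === target) { chains.push(step); continue; }
      walk(next, step, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

for (const chain of findChains(sampleLock, "set-getter")) console.log(chain.join(" > "));
```

The first element of each chain is the direct dependency to upgrade, replace or raise with its maintainers; the last element shows which installed version of the flagged package that chain resolves to.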