1100.0.12
4 months ago
3 days ago
Known vulnerabilities in the @pnpm/building.policy package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during the build lifecycle by crafting a dependency source locator that collides with an approved source after normalization, thereby bypassing intended build policy restrictions. How to fix Unsafe Dependency Resolution? Upgrade | <1100.0.8 |