Describe the bug
We executed the Trivy scanner against my WordPress installation (version 6.9.1), which contains the latest version of the Rank Math PRO plugin (3.0.108), and it detected 20 vulnerabilities in the seo-by-rank-math-pro/vendor/wp-media/plugin-family.
It might be better to exclude the package-lock.json file from the production build. This would prevent automated tools from scanning dev dependencies and flagging these issues.
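A triage sketch for findings like the ones reported above, added here as an example and not taken from the report or from the plugin: it locates every shipped `package-lock.json` in a deployed tree and splits the listed packages into dev-only and production sets. It assumes npm lockfile version 2 or 3 (the `packages` map); the package names and paths in the sample are constructed.

```python
import json
import sys
from pathlib import Path

# Constructed sample in npm lockfile v3 layout; all package names are made up.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-assets", "devDependencies": {"example-bundler": "^1.0.0"}},
        "node_modules/example-bundler": {"version": "1.0.0", "dev": True},
        "node_modules/example-bundler/node_modules/example-glob": {"version": "2.1.0", "dev": True},
        "node_modules/example-runtime": {"version": "3.2.1"},
        "node_modules/@example/optional-helper": {"version": "0.4.0", "devOptional": True},
    },
}

def classify_lock(lock: dict) -> dict:
    """Split a lockfile's packages into dev-only and production sets."""
    if "packages" not in lock:
        raise ValueError("lockfileVersion 1 layout (no 'packages' map) is not handled")
    result = {"dev": set(), "prod": set()}
    for path, meta in lock["packages"].items():
        if not path or meta.get("link"):  # skip the root project and workspace links
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        ident = f"{name}@{meta.get('version', '?')}"
        # npm marks "dev": true only on packages that sit strictly in the
        # devDependencies tree; "devOptional" is kept as prod to stay conservative.
        result["dev" if meta.get("dev") else "prod"].add(ident)
    return result

def shipped_lockfiles(root: Path) -> list:
    """package-lock.json files in a deployed tree, ignoring node_modules contents."""
    return sorted(p for p in root.rglob("package-lock.json")
                  if "node_modules" not in p.relative_to(root).parts)

def triage(root: Path) -> dict:
    report = {}
    for lock_path in shipped_lockfiles(root):
        sets = classify_lock(json.loads(lock_path.read_text(encoding="utf-8")))
        report[lock_path.relative_to(root).as_posix()] = {
            "dev": sorted(sets["dev"]),
            "prod": sorted(sets["prod"]),
            # False: no node_modules beside the lockfile, so nothing is installed there
            "node_modules_present": (lock_path.parent / "node_modules").is_dir(),
        }
    return report

if __name__ == "__main__":
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(json.dumps(triage(target), indent=2))
```

Run it against the site root and compare the package names in the scanner output with the `dev` list for each lockfile it reports.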