What is the current behavior?
I am using the latest Heroku CLI (heroku/11.0.2 darwin-arm64 node-v24.15.0), which we have baked into our Docker image; however, it is introducing certain vulnerabilities. Below are the details of the affected packages.
Package names with Severity
P0
pkg:npm/plist@3.0.6
P1
npm:glob@10.5.0
npm:diff@7.0.0
npm:diff@4.0.1
npm:qs@6.14.0
npm:fast-uri@3.1.0
npm:minimatch@3.1.2
npm:path-to-regexp@8.2.0
npm:ajv@8.17.1
P2
npm:picomatch@2.3.1
npm:lodash@4.17.21
npm:async@3.2.4
npm:tmp@0.0.33
npm:async@2.6.4
npm:async@3.2.4
npm:brace-expansion@1.1.11
What is the expected behavior?
Can you please remediate the security vulnerabilities in the CLI?