update report
@@ -44,14 +44,6 @@ Reason: one blocking, code-level security issue was found.
## Additional Code-Level Findings (Non-blocking)
## Additional Code-Level Findings (Non-blocking)
### Medium: Non-deterministic frontend dependency versioning
- Severity: Medium
- Risk: `lucide-react` is set to `latest`, making builds time-dependent and increasing supply-chain unpredictability.
- Evidence:
- `frontend/package.json:13`
- Recommendation:
- pin an explicit semver version and update intentionally via dependency review workflow
### Low: One security middleware regression test is currently not executable
### Low: One security middleware regression test is currently not executable
- Severity: Low
- Severity: Low
- Risk: reduced confidence in continued enforcement of upload middleware behavior.
- Risk: reduced confidence in continued enforcement of upload middleware behavior.
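Review bot: the whole "Medium: Non-deterministic frontend dependency versioning" finding (`lucide-react` set to `latest`, evidence `frontend/package.json:13`) is deleted from the report, but nothing in this hunk shows the underlying issue was fixed: there is no change to `frontend/package.json` in the diff, no "Resolved" or "Accepted risk" marker, and no rationale in the commit message ("update report"). Silently dropping a finding from a security report weakens its audit value; either keep the entry and mark it resolved with a reference to the commit that pinned the version, or state why it was withdrawn. The surviving "Low" entry and the preserved hunk-header context ("one blocking, code-level security issue was found") are unaffected, but after this change the "Additional Code-Level Findings (Non-blocking)" section carries only the Low item, so a reader can no longer tell that the `latest` tag was ever flagged.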