Fix example direct vulnerability for Yarn

When your configuration file specifically references a library, Veracode SCA refers to the library as a direct dependency.

These example steps provide a fix for a Cross-site Scripting (XSS) Using Non-standard Encodings vulnerability in Express version 4.1.1 in the example-javascript-yarn project.

To complete this task:

  1. Run these commands to edit the Yarn file in the root of the project:

    yarn upgrade express@4.5.0
    yarn install --flat
  2. Validate the fix.
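
One way to check the result of step 1 locally before validating, as an added example that is not part of the original page or Veracode's tooling: the script parses a Yarn v1 `yarn.lock` and reports whether every resolved copy of `express` is at or above 4.5.0. The function names and the two sample lockfiles are constructed for illustration.

```javascript
// Added example: check a Yarn v1 lockfile for the upgraded Express version.
const fs = require("fs");

// Return every version that the lockfile text resolves for package `name`.
function resolvedVersions(lockText, name) {
  const versions = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (line !== "" && !/^\s/.test(line) && !line.startsWith("#")) {
      // Entry header, e.g.  express@4.5.0, "express@^4.5.0":
      const specs = line.replace(/:$/, "").split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      // The name ends at the first "@" past index 0 (keeps @scope/name intact).
      inEntry = specs.some((s) => s.slice(0, s.indexOf("@", 1)) === name);
    } else if (inEntry) {
      const m = /^  version "([^"]+)"/.exec(line);
      if (m) versions.push(m[1]);
    }
  }
  return versions;
}

// Compare the numeric major.minor.patch parts; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// The fix holds only if the package is present and no copy is below minVersion.
function checkFix(lockText, name, minVersion) {
  const found = [...new Set(resolvedVersions(lockText, name))];
  const vulnerable = found.filter((v) => compareVersions(v, minVersion) < 0);
  return { found, vulnerable, fixed: found.length > 0 && vulnerable.length === 0 };
}

// Constructed sample lockfiles (not taken from the example project).
const HEADER = "# yarn lockfile v1\n\n\n";
const BEFORE = HEADER + 'express@4.1.1:\n  version "4.1.1"\n\n"express-session@^1.0.0":\n  version "1.0.4"\n';
const AFTER = HEADER + 'express@4.5.0:\n  version "4.5.0"\n\n"express-session@^1.0.0":\n  version "1.0.4"\n';

// Pass a path to a real yarn.lock as the first argument; otherwise use AFTER.
const lockPath = process.argv[2];
const lockText = lockPath && fs.existsSync(lockPath) ? fs.readFileSync(lockPath, "utf8") : AFTER;
console.log(checkFix(lockText, "express", "4.5.0"));
```

Because `yarn install --flat` allows only one version per package, `found` should contain a single entry for `express` after step 1.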