Hi @robmaas,
Description
A lot of packages used by different Sitecore JSS versions are outdated and sometimes even contain critical security vulnerabilities.
(For example, JSS still uses axios: 0.21.1) I don't really ever see updates to referenced packages.
What is Sitecore's policy on this?
Shouldn't dependency/patch management and security vulnerabilities have one of the highest priorities and be evaluated continually?
We keep running into unpatchable security vulnerabilities due to (sometimes desperately) outdated packages referenced by Sitecore JSS.
All supported major versions should regularly receive updates, apart from additional updates in case of newly discovered security vulnerabilities.
Additional information
No response