Application Dependency Vulnerabilities

[slcardinal]

Stratos Version

Version: 4.4.0

Frontend Deployment type

• Cloud Foundry Application (cf push)
• Kubernetes, using a helm chart
• Docker, single container deploying all components
• npm run start
• Other (please specify below)

Backend (Jet Stream) Deployment type

• Cloud Foundry Application (cf push)
• Kubernetes, using a helm chart
• Docker, single container deploying all components
• Other (please specify below)

Expected behaviour

Address Critical applicaiton dependency vulnerabilities.

I am not a developer, I just support the Stratos UI that is used with our internal deployment of Cloud Foundry. We have clone of this repository in our Enterprise Version of GitHub and our security team has enabled Dependabot to help with vulnerabilities. Due to these critical vulnerabilities, we have been asked to stop using this UI as part of our Cloud Foundry deployment. We would like to continue to use Stratos, as our internal customers prefer Stratos to the home grown Cloud Foundry UI that was developed. Would someone in the community be willing to have a look at remeidating the application dependencies in the Stratos UI?

Actual behaviour

Need to have Dependabot recommendations resolved.

Steps to reproduce the behavior

Turn on dependabot recommendations for the community repostiory for Stratos.

Log output covering before error and any error statements

Insert log hereCopy

Detailed Description

Context

Possible Implementation

[norman-abramovitz]

Stratus being updated will done over the next couple of months.