Dependencies in light of recent npm exploit

[jwoehr]

How did you handle the dependencies in light of the recent npm exploit?
Do you regard this server as safe at the present time?

[github-actions]

Thanks for opening this issue. The ticket MCP-272 was created for internal tracking.

[kmruiz]

Hi @jwoehr ,

we weren't affected by the latest supply chain attacks in the npm ecosystem and the server is, as far as we know, safe for use.

We are not aware of any CVE affecting any of our dependencies.

We have dependabot configured to find security issues, and we have in our plans to tighten the security even more.

Are you concerned about anything specific?

[jwoehr]

No special concerns, @kmruiz , just wondering if the team is on top of the supply chain hack.
Looking at using the server in a project.
Thanks for your response.

[github-actions]

The corresponding JIRA ticket has been automatically closed.