web/ui: 77 vulnerabilities (16 moderate, 37 high, 24 critical) #9472

Closed
Dentrax opened this issue Oct 7, 2021 · 2 comments

@Dentrax
Contributor

Dentrax commented Oct 7, 2021

What did you do?

make build on commit b4175f7

  • Logs:
make build
cd web/ui && npm install

up to date, audited 2418 packages in 13s

173 packages are looking for funding
  run `npm fund` for details

77 vulnerabilities (16 moderate, 37 high, 24 critical)

Is there any ongoing discussion or PR related to npm vulnerabilities? Should we be concerned about this?

@LeviHarrison
Member

Thanks for the report. cc @juliusv @Nexucis, but from what I've heard these aren't the biggest deal. We also upgrade our dependencies every release anyway.

@Nexucis
Member

Nexucis commented Oct 12, 2021

That's a bit odd that you have so many issues. In my local environment and in the CI, it doesn't look like we have so many:

cd web/ui && npm install
[..................] 
added 2412 packages, and audited 2415 packages in 37s

173 packages are looking for funding
  run `npm fund` for details

59 vulnerabilities (17 moderate, 40 high, 2 critical)

Unfortunately, except for upgrading dependencies when we can, we cannot do much more. Even the latest version of React contains issues.

Also, just to minimize this kind of info a bit: it's an overall number of vulnerabilities, but these issues can come from the dev dependencies, which are really not critical / interesting in this context. (npm/npm#20564)

Finally, for each PR and each branch, you have a security scan running to detect breaches and issues, and so far we are good in the UI.

I'm closing this issue as it's not concerning and it's not something we can solve, unfortunately.

@Nexucis Nexucis closed this as completed Oct 12, 2021
@prometheus prometheus locked as resolved and limited conversation to collaborators Apr 10, 2022
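
The thread's point that the `npm install` total mixes dev-only and runtime packages can be checked by cross-referencing the audit report with the lockfile. The following is an added example, not code from the thread or from the Prometheus repository; it assumes the `npm audit --json` report format (auditReportVersion 2) and a `package-lock.json` with lockfileVersion 2 or 3, and the helper name and sample package names are hypothetical.

```javascript
// Added example (not from the thread): count npm audit findings by severity,
// separating packages installed only as dev dependencies from runtime ones.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// auditReport: parsed `npm audit --json` output (auditReportVersion 2).
// lockfile: parsed package-lock.json (lockfileVersion 2 or 3).
// splitByScope is a hypothetical helper name.
function splitByScope(auditReport, lockfile) {
  const empty = () => Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const counts = { runtime: empty(), devOnly: empty() };
  const packages = lockfile.packages || {};
  for (const vuln of Object.values(auditReport.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    // Dev-only means every installed copy carries "dev": true in the lockfile.
    // Missing or unknown paths count as runtime, so that figure is never understated.
    const devOnly = nodes.length > 0 &&
      nodes.every((p) => packages[p] !== undefined && packages[p].dev === true);
    const bucket = counts[devOnly ? 'devOnly' : 'runtime'];
    bucket[vuln.severity] = (bucket[vuln.severity] || 0) + 1;
  }
  return counts;
}

// Constructed sample inputs; the package names are made up.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    'build-helper': { severity: 'critical', nodes: ['node_modules/build-helper'] },
    'test-dep': { severity: 'high', nodes: ['node_modules/test-dep'] },
    'ui-widget': { severity: 'high', nodes: ['node_modules/ui-widget'] },
    // Installed twice: once for a dev tool, once under a runtime package.
    'shared-util': {
      severity: 'moderate',
      nodes: ['node_modules/shared-util', 'node_modules/ui-widget/node_modules/shared-util'],
    },
  },
};
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/build-helper': { version: '1.0.0', dev: true },
    'node_modules/test-dep': { version: '2.1.0', dev: true },
    'node_modules/ui-widget': { version: '3.0.0' },
    'node_modules/shared-util': { version: '0.4.0', dev: true },
    'node_modules/ui-widget/node_modules/shared-util': { version: '0.3.0' },
  },
};

console.log(splitByScope(sampleAudit, sampleLock));
```

Recent npm releases can also restrict the audit itself to non-dev packages with `npm audit --omit=dev`.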