You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
make build
cd web/ui && npm install
up to date, audited 2418 packages in 13s
173 packages are looking for funding
run `npm fund` for details
77 vulnerabilities (16 moderate, 37 high, 24 critical)
Are there any ongoing discussion or PR related to npm vulnerabilities? Should we concern about this?
The text was updated successfully, but these errors were encountered:
Thanks for the report. cc @juliusv@Nexucis, but from what I've heard these aren't the biggest deal. We also upgrade our dependencies every release anyway.
that's a bit odd you have so much issues. On my local environment and in the CI, it doesn't look like we have so many:
cd web/ui && npm install
[..................]
added 2412 packages, and audited 2415 packages in 37s
173 packages are looking for funding
run `npm fund`for details
59 vulnerabilities (17 moderate, 40 high, 2 critical)
Unfortunately excepting upgrading dependencies when we can, we cannot do much more. Even the latest version of react contains issues.
Also just to minimize a bit this kind of info, it's an overall number of vulnerabilities but these issues can come from the dev dependencies which are really not critical / interesting in this context. (npm/npm#20564)
Finally, for each PRs and for each branch you have security scan running to detect breach and issues and so far we are good in the UI.
I'm closing this issue as it's not concerning and it's not something we can solve unfortunately.
What did you do?
make build
on commit b4175f7Are there any ongoing discussion or PR related to
npm
vulnerabilities? Should we concern about this?The text was updated successfully, but these errors were encountered: