Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Issues #666

Open
claudiojulioferraz opened this issue Aug 16, 2019 · 2 comments

Comments

@claudiojulioferraz
Copy link

commented Aug 16, 2019

I clone some extensions and the main application, and noticed something very strange and worrying. Typing npm audit realizes that app dependencies have critical security bugs. Can we trust such an application? Why not update dependencies?

@mobitar mobitar transferred this issue from standardnotes/web Aug 17, 2019

@mobitar

This comment has been minimized.

Copy link
Member

commented Aug 17, 2019

We do update dependencies, but not every release. I'll do another refresh for the next release to make sure every dependency that can be updated is.

@p0n1

This comment has been minimized.

Copy link

commented Aug 21, 2019

I am also worried about dependency vulnerabilities in Javascript libraries. Any ideas or efforts to avoid this in stdnotes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.