Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Shrikant Pustode (shrikantbp)
Amazon

Amazon
US
shrikantbp Member since 2014 25 posts
Amazon
Posted: Jan 28, 2021
Last activity: Mar 15, 2021
Posted: 28 Jan 2021 11:33 EST
Last activity: 15 Mar 2021 14:27 EDT
Closed

Pega React Starter Pack - Vulnerabilties

Hi,

The package versions used by Pega react starter pack have many known vulnerabilities. Is there any plan to provide the bundle without any such vulnerabilities or are customers supposed to address those?

Thanks

To see attachments, please log in.
Pega Platform 8.5.1
User Experience

Posted: 4 years ago
Posted: 15 Mar 2021 14:27 EDT
Vinod Seraphin (VinodSeraphin)
PEGA
Senior Fellow, Software Engineer, UX Engineering
Pegasystems Inc.
US

@shrikantbp  An updated React Starter Pack was posted on 3/11/2021 which currently shows zero vulnerabilities when doing a npm install.  Customers should feel to update their local package.json via npm audit fix to fix vulnerabilities reported.  (The docs/KeyReleaseUpdates.md file will identify significant changes since earlier versions) Feel free to post in the community as you have done if you notice the latest posted starter pack is reporting any active vulnerabilities and we will investigate and work to update the pack posted so as to address the issue. As updates (fixes and new features) are done to the various starter packs, we routinely update dependencies as suggested particularly by npm audit to resolve any such vulnerabilities.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice