Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

1
Replies
76
Views
 Shrikant Pustode (shrikantbp) Amazon
Amazon
US
shrikantbp Member since 2014 25 posts
Amazon
Posted: January 28, 2021
Last activity: March 15, 2021
Posted: 28 Jan 2021 11:33 EST
Last activity: 15 Mar 2021 14:27 EDT
Closed

Pega React Starter Pack - Vulnerabilties

Report

Hi,

The package versions used by Pega react starter pack have many known vulnerabilities. Is there any plan to provide the bundle without any such vulnerabilities or are customers supposed to address those?

Thanks

Pega Platform 8.5.1 User Experience
Posted: 2 years ago
Posted: 15 Mar 2021 14:27 EDT
Vinod Seraphin (serav) PEGA Senior Fellow, Software Engineer, DX Innovation Lab
Pegasystems Inc.
US
Report

@shrikantbp   An updated React Starter Pack was posted on 3/11/2021 which currently shows zero vulnerabilities when doing a npm install.  Customers should feel to update their local package.json via npm audit fix to fix vulnerabilities reported.  (The docs/KeyReleaseUpdates.md file will identify significant changes since earlier versions) Feel free to post in the community as you have done if you notice the latest posted starter pack is reporting any active vulnerabilities and we will investigate and work to update the pack posted so as to address the issue. As updates (fixes and new features) are done to the various starter packs, we routinely update dependencies as suggested particularly by npm audit to resolve any such vulnerabilities.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice