Posted: 28 Jan 2021 11:33 EST Last activity: 15 Mar 2021 14:27 EDT
Pega React Starter Pack - Vulnerabilties
The package versions used by Pega react starter pack have many known vulnerabilities. Is there any plan to provide the bundle without any such vulnerabilities or are customers supposed to address those?
@shrikantbp An updated React Starter Pack was posted on 3/11/2021 which currently shows zero vulnerabilities when doing a npm install. Customers should feel to update their local package.json via npm audit fix to fix vulnerabilities reported. (The docs/KeyReleaseUpdates.md file will identify significant changes since earlier versions)
Feel free to post in the community as you have done if you notice the latest posted starter pack is reporting any active vulnerabilities and we will investigate and work to update the pack posted so as to address the issue.
As updates (fixes and new features) are done to the various starter packs, we routinely update dependencies as suggested particularly by npm audit to resolve any such vulnerabilities.