Question
1
Replies
31
Views
Standard & Poor's
Posted: January 28, 2021
Last activity: March 15, 2021
Pega React Starter Pack - Vulnerabilties
Hi,
The package versions used by Pega react starter pack have many known vulnerabilities. Is there any plan to provide the bundle without any such vulnerabilities or are customers supposed to address those?
Thanks
@shrikantbp An updated React Starter Pack was posted on 3/11/2021 which currently shows zero vulnerabilities when doing a npm install. Customers should feel to update their local package.json via npm audit fix to fix vulnerabilities reported. (The docs/KeyReleaseUpdates.md file will identify significant changes since earlier versions) Feel free to post in the community as you have done if you notice the latest posted starter pack is reporting any active vulnerabilities and we will investigate and work to update the pack posted so as to address the issue. As updates (fixes and new features) are done to the various starter packs, we routinely update dependencies as suggested particularly by npm audit to resolve any such vulnerabilities.