- ABP Framework version: v7.4.2
- UI Type: MVC
- Database System: EF Core (PostgreSQL)
Hi. We are looking to understand how you decide to upgrade packages and when you choose to stick to certain versions.
A specific scenario we have right now is that we are currently seeing a critical issue reported by our SCA tool (mend.io) in the uppy.js dependency. ABP.io is currently using 1.X of uppy and is two major versions behind. https://www.mend.io/vulnerability-database/CVE-2022-0086
Is uppy on a backlog list somewhere to be updated? Have you chosen not to upgrade this for a reason? I understand we could try to upgrade this ourselves, but there would be a high likelihood of breaking changes that we would then need to resolve.
Any help here would be appreciated. Thank you.
2 Answer(s)
-
0
Hi,
It seems it's a problem; we will try to upgrade the uppy version to the latest.
-
0
https://github.com/abpframework/abp/issues/18518