Open Closed

Front-end package vulnerability (uppy) #6369


User avatar
0
JonSteer73 created
  • ABP Framework version: v7.4.2
  • UI Type: MVC
  • Database System: EF Core (PostgreSQL)

Hi. We are looking to understand how you decide to upgrade packages and when you choose to stick to certain versions.

A specific scenario we have right now is that we are currently seeing a critical issue reported by our SCA tool (mend.io) in the uppy.js dependency. ABP.io is currently using 1.X of uppy and are two major versions behind. https://www.mend.io/vulnerability-database/CVE-2022-0086

Is uppy on a backlog list somewhere to be updated? Have you chosen not to upgrade this for a reason? I understand we could upgrade try and upgrade this ourselves but there would be a high likelihood of breaking changes that we would then need to resolve.

Any help here would be appreciated. Thank you


2 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Seems it's a problem, we will try to upgrade uppy version to the latest.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    https://github.com/abpframework/abp/issues/18518

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15