Cumulocity Application Builder Vulnerability Issues

Cumulocity-IoT / cumulocity-app-builder

The Application Builder for Cumulocity provides a simple, coding-free way to create new applications inside Cumulocity. Application Builder is an open-source tool for you to create web applications in a no-code environment. Created by Global Presales.

Apache License 2.0

16 stars 6 forks source link

Cumulocity Application Builder Vulnerability Issues #35

Closed amarml17 closed 3 years ago

amarml17 commented 3 years ago

One of our customer is using Cumulocity App builder and are seeing few vulnerability issues using @c8y/cli:1006.6.8 & @angular-devkit/build-angular": "0.803.17".

While fixing vulnerabilities errors of “@angular-devkit/build- angular by changing version, @c8y packages are getting affected. Please let us know how these vulnerability issues can be fixed.

Attached the Audit report and package.json file.

npm_audit_report.txt package.json.txt

DarpanLalani commented 3 years ago

@c8y/cli and @angular packages are tightly coupled. So if you try to fix by changing angular version, c8y packages may not work properly. We are periodically scanning and fixing any open vulnerabilities which are not related to product/framework packages in application builder.

DarpanLalani commented 3 years ago

closing this issue since no further activity in this issue