Closed JMoVS closed 3 weeks ago
Hi, thanks for repord, I've created issue 57653 to handle dependencies for server
repo
But not sure about web-apps
repo, since last time we checked - all those dependencies are only on build level and it's safe to use our code in production mode
If you know how to trigger those vulnerabilities and really do some dangerous stuff - you can contact security@onlyoffice.com
We've fixed Critical problems.
Do you want to request a feature or report a bug? Bug/outdated dependencies What is the current behavior? While self-building document server,
npm
reports multiple vulnerabilities If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. Building myself shows multiple problems - here is the extract of the npm audits:Why are these dependencies out of date? And did you consider using the github tools to have a badge in the readme to check for outdated and vulnerable npm package versions?
DocumentServer version: 7.1.1 build tools 44