inductiveautomation / ignition-sdk-examples

Ignition SDK Example Projects

@inductiveautomation/perspective-client@2.1.8 uses vulnerable library moment "^2.20.1" #87

Closed bradder555 closed 7 months ago

bradder555 commented 2 years ago

Similar to issue #86, many of the packages used by perspective-client are out by a few major releases.

Consequently, there are a number of security issues.

"@inductiveautomation/perspective-client@2.1.8", "@inductiveautomation/perspective-client@^2.1.8":
  version "2.1.8"
  resolved "https://nexus.inductiveautomation.com/repository/node-packages/@inductiveautomation/perspective-
...
...
    mobx-react "^6.1.4"
    mobx-react-lite "^1.5.0"
    moment "2.20.1"

https://security.snyk.io/vuln/SNYK-JS-MOMENT-2440688

Please provide a new release of perspective-client, etc.

Please consider using Dependabot in your repos.
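
One way to audit a lockfile for the situation reported above, as an added example that is not part of the original issue or the project's code: it parses yarn.lock v1 text and lists which packages declare a dependency on `moment`, the range each one asks for, and the version that range resolved to. The lockfile text is constructed for the example; `some-widget`, the second `moment` entry and its resolved version are hypothetical, and the function names are this example's own.

```javascript
// Added example, not project code. SAMPLE_LOCK is constructed; "some-widget" is hypothetical.
const SAMPLE_LOCK = `
"@inductiveautomation/perspective-client@2.1.8", "@inductiveautomation/perspective-client@^2.1.8":
  version "2.1.8"
  dependencies:
    moment "2.20.1"
"some-widget@^1.0.0":
  version "1.4.2"
  dependencies:
    moment "^2.20.1"
moment@2.20.1:
  version "2.20.1"
"moment@^2.20.1":
  version "2.29.4"
`;
const unquote = (s) => s.replace(/^"|"$/g, "");

function parseYarnLock(text) { // yarn.lock v1 text -> [{ specs, name, version, dependencies }]
  const entries = [];
  let entry = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    const body = line.trim(), indent = line.length - line.trimStart().length;
    if (!body || body.startsWith("#")) continue;
    if (indent === 0 && body.endsWith(":")) {
      // Entry header: one or more comma-separated "name@range" specs sharing one resolution.
      const specs = body.slice(0, -1).split(",").map((s) => unquote(s.trim()));
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      entries.push((entry = { specs, name, version: null, dependencies: {} }));
    } else if (entry && indent === 2) {
      inDeps = /^(optionalD|d)ependencies:$/.test(body);
      if (body.startsWith("version ")) entry.version = unquote(body.slice(8).trim());
    } else if (entry && indent === 4 && inDeps) {
      const m = body.match(/^("[^"]+"|\S+)\s+(.+)$/);
      if (m) entry.dependencies[unquote(m[1])] = unquote(m[2]);
    }
  }
  return entries;
}

function findDependents(entries, target) { // who declares `target`, with what range, resolved to what
  const resolved = new Map(entries.flatMap((e) => e.specs.map((s) => [s, e.version])));
  const has = (e) => Object.prototype.hasOwnProperty.call(e.dependencies, target);
  return entries.filter(has).map((e) => {
    const range = e.dependencies[target];
    return { dependent: `${e.name}@${e.version}`, range,
      exactPin: /^\d+\.\d+\.\d+$/.test(range),
      resolved: resolved.get(`${target}@${range}`) ?? null };
  });
}
console.log(findDependents(parseYarnLock(SAMPLE_LOCK), "moment"));
```

An entry reported with `exactPin: true` can only move to another version through a new release of the dependent package or a `resolutions` override in the consuming project's package.json; a caret range can be re-resolved to a newer release within the same major version.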

jjcoffman commented 2 years ago

Hi bradder555, thanks for the issue! This is already an open and outstanding ticket internally (IGN-5570), which I opened a few sprints back. We are hoping to address it soon!

KathyApplebaum commented 7 months ago

PR109 addresses this.