Closed Devryc closed 4 months ago
The result of npm audit does not constitute valid reports of security vulnerabilities. As far as I'm aware, none of these vulnerabilities can be exploited within Owl because these are all dev dependencies; none of them are bundled into Owl itself. Writing code into the Owl code base and then compiling Owl does not constitute a valid attack vector: users are not compiling Owl, and users would have to be adding untrusted code to Owl itself and then run it or compile it to trigger them. If you're running or compiling Owl after adding untrusted code to the code base, all bets are off.
If you can figure out a way to exploit any of these vulnerabilities in the compiled Owl runtime or Owl compiler, please follow our responsible disclosure policy outlined here: https://www.odoo.com/security-report
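The distinction drawn above, between findings in dev dependencies and findings in packages that actually ship, can be checked mechanically. The following is an added example, not part of the original thread or of Owl's code: it assumes the `npm audit --json` report format (version 2) and a `package-lock.json` with lockfileVersion 2 or 3; the package names and the `triageAudit` function are constructed for illustration.

```javascript
// Constructed sample data: a trimmed package-lock.json and a trimmed
// `npm audit --json` report. All package names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/build-tool": { version: "2.1.0", dev: true },
    "node_modules/build-tool/node_modules/old-parser": { version: "0.3.0", dev: true },
    "node_modules/shared-util": { version: "4.0.0" },
  },
};
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "old-parser": { severity: "high",
      nodes: ["node_modules/build-tool/node_modules/old-parser"] },
    "build-tool": { severity: "high", nodes: ["node_modules/build-tool"] },
    "shared-util": { severity: "moderate", nodes: ["node_modules/shared-util"] },
  },
};

// Split audit findings into those whose every installed copy is marked
// `dev: true` in the lockfile and those with at least one copy in the
// production tree. `devOptional` entries are not `dev: true`, so they are
// conservatively counted as production.
function triageAudit(audit, lock) {
  const packages = lock.packages || {};
  const result = { devOnly: [], production: [], unknown: [] };
  for (const [name, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const nodes = vuln.nodes || [];
    const entries = nodes.map((path) => packages[path]);
    let bucket;
    if (nodes.length === 0 || entries.some((e) => e === undefined)) {
      bucket = "unknown"; // report and lockfile disagree: review by hand
    } else if (entries.every((e) => e.dev === true)) {
      bucket = "devOnly";
    } else {
      bucket = "production";
    }
    result[bucket].push({ name, severity: vuln.severity });
  }
  return result;
}

console.log(triageAudit(sampleAudit, sampleLock));
```

For a production-only report straight from npm, `npm audit --omit=dev` applies the same filter.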
Hi @sdegueldre. I just posted to ask whether it is possible to "update" or change some dev dependencies so that fewer vulnerabilities show up when installing this "quick start" guide.
Thanks a lot for your explanation.
@Devryc yes, you're right, we should go through that material and update it
Hi, I'm trying to follow the tutorial on Standard Javascript project. When I set up all the files, I got this error when I use
npm i
And if I do 'npm fund':
Then if I use 'npm audit fix' I get:
It shows a lot of vulnerabilities in the packages it uses, which makes it so insecure. I want to develop some static apps for my Odoo and I'm trying to develop locally.
Thanks a lot. Diego.