I launched a vulnerability analysis on the packages used in your source code and found 8 problems (more or less on 4 packages only):
axios 0.21.1 NVD CVE-2021-3749 High
postcss 6.0.23 NVD CVE-2021-23382 Medium
postcss 7.0.21 NVD CVE-2021-23382 Medium
postcss 7.0.21 OSSINDEX e3f310ed-219c-4087-aa58-8425b13c3ec5 High
postcss 7.0.21 NVD CVE-2021-23368 Medium
axios 0.15.3 NVD CVE-2019-10742 High
axios 0.15.3 OSSINDEX 293be0b3-9672-4e36-b530-44be7f592d0a High
axios 0.15.3 NVD CVE-2021-3749 High
How can we manage package upgrades to be sure we do not have vulnerabilities in Corteza?
Do you have any update on this security point? We consider it a priority for security reasons. We tried to check the source code, but we are not experts… and it looks very complicated to update packages on Corteza directly.