User_QQZTU Member Posts: 1 Green Ribbon
edited June 7 in Oracle JET

Hello

Currently we are using [email protected] on our application that has [email protected] as a direct dependency.

This [email protected] package has a medium severity security issue, where the fix is to update to 0.5.0 at least (https://snyk.io/test/npm/xmldom/0.1.27).

I can see that even in the most recent ojet-cli this dependency still uses 0.1.27 (https://github.com/oracle/ojet-cli/blob/master/package.json).

My questions are, does anyone know if it is safe to manually update to [email protected] or will this most probably break ojet? Or is it safe to force the update?

Best Answer

  • John 'JB' Brock-Oracle Posts: 2,546 Employee
    Accepted Answer

    You can definitely update it and give it a shot. The CLI is a development environment tool, not something that you would ever use in a production environment, so there should be little exposure from a security point of view. However we will look to update it as soon as possible. v8.x is already in End of Life and no longer supported.
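
Before and after forcing such an update, it helps to confirm which installed copies of the package are still below the fixed version and which packages declare them. The following is an added example, not part of the original thread or of Oracle's code; the lockfile contents, the project name `my-jet-app` and the `8.0.0` CLI version are constructed, and the 0.5.0 floor is the one quoted in the question.

```javascript
// Constructed sample: an npm lockfile (lockfileVersion 2/3 "packages" map), inlined.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'my-jet-app', devDependencies: { '@oracle/ojet-cli': '8.0.0' } },
    'node_modules/@oracle/ojet-cli': { version: '8.0.0', dependencies: { xmldom: '0.1.27' } },
    'node_modules/xmldom': { version: '0.1.27' },
  },
};

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when `version` is older than `floor`. Numeric compare, so 0.10.0 > 0.5.0.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  if (!a || !b) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// List every installed copy of `name` older than `floor`, plus the lockfile
// entries that declare a dependency on `name` (declarers, not per-copy resolution).
function findOutdated(lock, name, floor) {
  const pkgs = lock.packages || {};
  const suffix = 'node_modules/' + name;
  const declarers = Object.entries(pkgs)
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([path]) => path || '(root project)');
  const hits = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    // Match top-level and nested copies, but not e.g. @scope/<name>.
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (isBelow(meta.version, floor)) {
      hits.push({ path, version: meta.version, requiredBy: declarers });
    }
  }
  return hits;
}

console.log(JSON.stringify(findOutdated(sampleLock, 'xmldom', '0.5.0'), null, 2));
```

Run against a real `package-lock.json` by passing its parsed JSON in place of `sampleLock`; an empty result after the update means no copy below the floor remains installed.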
