outdated @sentry/nextjs dependencies #9219
Closed
michal-bio
started this conversation in
General
Replies: 1 comment 6 replies
-
Hey @michal-bio. If you are using security scanners for this, these are false positives. See sentry-javascript/packages/nextjs/package.json Lines 27 to 39 in 729e432 devDependencies , which we use for tests. So with postcss like you mentioned, it's there because we are using an older version of next for our unit tests.
If that is not the case, please open a GH issue with the specific dependency that is causing security issues. Thanks! |
Beta Was this translation helpful? Give feedback.
6 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
are there any plans to update
@sentry/nextjs
dependencies?@sentry/nextjs uses outdated dependencies. good example: postcss@8.4.14 (released 1 year ago) and latest version is
@8.4.31
postcss@8.4.14
includes security vulnerabilities https://www.cve.org/CVERecord?id=CVE-2023-44270there are other dependencies but this is just a good example.
Beta Was this translation helpful? Give feedback.
All reactions