cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
davallen
Microsoft
Microsoft

Webpack in pcf-scripts out of date

Hello,

 

We have a high prioritiy security issue with the specified version of webpack (4.28.4) in the pcf-scripts npm package. Unfortunately it specifies exactly that version in package.json.

 

Is it ok to resolve to the latest webpack version or would this cause issues to pcf-scripts package?

2 REPLIES 2
DavidJen
Microsoft
Microsoft

The soon-to-be-released March refresh for pcf-scripts (ETA mid next week) has already been updated to:

    "webpack": "4.42.1",

 

It got flagged by our internal compliance/security tracking as well.

To work around until then, yes, you should be able to locally resolve to the latest 4.42.1

While we are in this area, my gitgub repository is complaining about a number of security vulnerabilities with some webpack dependencies (but not yet webpack itself).

 

Minimist - Upgrade minimist to version 1.2.3 or later. 

acorn - Upgrade acorn to version 5.7.4 or later

kind-of - Upgrade kind-of to version 6.0.3 or later

 

Will this next release resolve these complaints as well?

---
If this post has answered your question please consider it for "Accept as Solution" or if it has been helpful give it a "Thumbs Up".

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

secondImage

Demo Extravaganza Winner Announcement

Please join us on Wednesday, July 21st at 8a PDT. We will be announcing the Winners of the Demo Extravaganza!

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Users online (3,026)