← Back to context

Comment by egorfine

3 months ago

Then you probably have over a dozen CVEs in your code. Now, this is a different question whether they are exploitable and how much it is a risk.

Other than that you now probably have an insurmountable technical debt and upgrading the dependencies is a project of itself.

All the above applies to JavaScript world, of course. It's much different for the rest.

3 comments

egorfine

Reply
gslepak  3 months ago

> Then you probably have over a dozen CVEs in your code.

We continuously monitor our dependencies for CVEs and update them if necessary. Most of the time the CVEs that are reported are not relevant / worth updating for.

yread  3 months ago 

   content-security-policy: default-src 'self';

(and not sending crypto transactions): No need to worry about CVEs in js