Dependabot Alerts for Essentia

Hello,
I’m new to CloudCannon and had copied the Essentia starter to help with my learning. When I enabled the security insights for the repo where I copied it, Dependabot scanning showed numerous vulnerabilities due to all the dependencies (some of which seem Bookshop-related). Just wanted to give you a heads up.

2 Likes

Thank you for the heads up!

The Essentia starter was designed and built by @Justin_Parsons from Insight Creative, and lives in their GitHub. I’ve made a pull request to patch the high/critical vulnerabilities, and also to migrate to Unified Configuration.

We will make sure to tackle those “medium” vulnerabilities in the next Bookshop release.

3 Likes