Hello,
I’m new to Cloudcannon and had copied the Essentia starter to help with my learning. When I enabled the security insights for the repo where I copied it, Dependabot scanning showed numerous vulnerabilities due to all the dependencies (some of which seem Bookshop related). Just wanted to give you a heads up.
2 Likes
Thank you for the heads up!
The Essentia starter is was designed and built by @Justin_Parsons from Insight Creative, and lives in their GitHub. I’ve made a pull request to patch the high/critical vulnerabilities, and also to migrate to Unified Configuration.
We will make sure to tackle those “medium” vulnerabilities in the next Bookshop release.
3 Likes