Describe the issue:
Hi,
Is an update of the gatsby-source-datocms package planned to replace the datocms-client dependency, which is deprecated and has multiple vulnerabilities in its dependencies?
Hello, since Gatsby development has stalled we don't have much incentive to do a big upgrade of our source plugin at the moment.
Also on the security side I am not sure where the attack vector could be. Our source plugin is fetching data from a Dato project that you should be controlling, so in theory it should only process data that is already controlled by you? What do you think? Where else could an attack come from?
If there's a good enough incentive we could consider at least upgrading the dependencies all the way through to remove the most important vulnerabilities.