Question: Security Review for @prismicio/client 7.12.0 Package

Hello Prismic Team,

We are evaluating the feasibility of using the @prismicio/client JavaScript SDK (v7.12.0) in a production environment. Security is a critical aspect of our workflow, and we enforce strict security checks on all third-party dependencies.

Could you confirm if there are any known or reported security vulnerabilities in the @prismicio/client package?
If available, could you provide:

  1. Details of any past security issues and how they were addressed.
  2. Best practices or recommendations for securely integrating @prismicio/client.

This will help us ensure the package meets our security standards.

Thank you for your assistance!

Best regards,
Akshay Jain
Airtel Payments Bank

Hi @akshay.jain,

Thanks for reaching out to us. We take security very seriously at Prismic, and we understand its critical importance to your workflow.

To date, there have been no major security issues reported with the @prismicio/client package, and as of now, there are no known security vulnerabilities in version 7.12.0 of the SDK.

If you or your team identify any potential security concerns, we encourage you to report them through our GitHub Security Advisory page or at security@prismic.io. This ensures that any issues are promptly reviewed and addressed.

When using the @prismicio/client SDK, we recommend regularly updating to the latest version to benefit from any security patches or enhancements. If we were to fix any security issue with the package, it would be reported in its changelog, and we would reach out to you by mail should Prismic encounter any severe security issues and/or if we think you were impacted by one.

If you have additional questions or need further assistance, please don't hesitate to reach out. We're here to support your team in implementing @prismicio/client securely and effectively.

Best,
Lucie