Dear Microsoft, For an Outlook add-in in our organisation we use 'Office-Addin-TaskPane-React'. Following dependencies listed in package.json and package-json.lock have security vulnerabilities: Security Issue Component CVE-2025-27152 axios : 1.7.9 CVE-2025-27152 axios : 1.7.9 sonatype-2025-000953 axios : 1.7.9 CVE-2025-27789 @babel/runtime : 7.26.9 sonatype-2023-4801 inflight : 1.0.6 sonatype-2021-0078 express : 4.21.2 CVE-2024-10491 express : 4.21.2 sonatype-2017-0717 react-dom : 18.3.1 With dependency tree: Please advise what to do and provide an ETA by when you plan on releasing a new master version with the dependencies updated and vulnerabilities remediated. Thanks a lot! Best regards, Marc Kaufmann

Office-Addin-TaskPane-React Dependency Vulnerabilities

Kaufmann, Marc 0

Dear Microsoft,

For an Outlook add-in in our organisation we use 'Office-Addin-TaskPane-React'.

Following dependencies listed in package.json and package-json.lock have security vulnerabilities:

Security Issue	Component
CVE-2025-27152	axios : 1.7.9
CVE-2025-27152	axios : 1.7.9
sonatype-2025-000953	axios : 1.7.9
CVE-2025-27789	@babel/runtime : 7.26.9
sonatype-2023-4801	inflight : 1.0.6
sonatype-2021-0078	express : 4.21.2
CVE-2024-10491	express : 4.21.2
sonatype-2017-0717	react-dom : 18.3.1

With dependency tree: User's image

Please advise what to do and provide an ETA by when you plan on releasing a new master version with the dependencies updated and vulnerabilities remediated.

Thanks a lot!

Best regards,

Marc Kaufmann

Share via

Office-Addin-TaskPane-React Dependency Vulnerabilities

Your answer