JS7 JOC Cockpit uses AngularJS and npm to build the javascript part of the web application JS7 JOC Cockpit.
The vulnerable package is not included with the JOC Cockpit application. This means that customers are not affected, the SOS build environment only is affected.
Desired Behavior
The rollup package is no longer used by JOC Cockpit when building the software.
JS7 JOC Cockpit should use a newer version of the build tool npm that does not make use of the vulnerable package.
Impact
We rate the impact to our software as zero.
The vulnerable component is only related through the build framework npm to build the JavaScript web application and is in no way used by the application or shipped with the application .