Question for the team regarding maintenance on the OSS dependencies shipping with Heat: ffmpeg, nodejs, etc.

Are you all keeping up to date with the latest versions, especially when one needs to be running the latest versions to be safe from attacks mitigated by their security fixes?

NodeJS for example drops details on releases containing security updates here:

https://groups.google.com/forum/#!topic/nodejs-sec/jGPlKJyLIxI

Quite a few bugs in there for March 2018.

And FFmpeg does similarly with this page:

https://www.ffmpeg.org/security.html

Where they list CVEs fixed in each release.