WSO2 impacted: No
Evidence of compromise: No
Customers actions required: No
NPM package UA-Parser-JS poissonate security breach was identified on October 22, 2021. In addition, The security advisory  was published on October 23, 2021.
Impact on WSO2 Products and Deployments
As per the detailed analysis, it's been confirmed that WSO2 products and services are not using the vulnerable version of ua-parser-js.
Thereby confirming that WSO2 or WSO2 customers are not impacted by the said vulnerability.
Security Controls against supply chain attacks
- All the PRs will be reviewed and Merged. During this process if there were any sensitive data on the PRs those will be removed.
- All packages/ artifacts will undergo both Static and Dynamic application testing phases prior to production releases.