PJ Fanning created HADOOP-18165:
-----------------------------------
Summary: hadoop-yarn-ui has a number of insecure dependencies
Key: HADOOP-18165
URL: https://issues.apache.org/jira/browse/HADOOP-18165
Project: Hadoop Common
Issue Type: Bug
Reporter: PJ Fanning
Many of these are rates as critical or high risk vulnerabilities. This list is
the tip of the iceberg.
Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)
may need to upgrade ember to allow these items above to be updated
* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
