[
https://issues.apache.org/jira/browse/HADOOP-18165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning updated HADOOP-18165:
--------------------------------
Description:
Many of these are rates as critical or high risk vulnerabilities. This list is
the tip of the iceberg.
Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)
* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-f2jv-r9rf-7988 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)
may need to upgrade ember to allow some of these NPMs to be updated
was:
Many of these are rates as critical or high risk vulnerabilities. This list is
the tip of the iceberg.
Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)
may need to upgrade ember to allow these items above to be updated
* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)
> hadoop-yarn-ui has a number of insecure dependencies
> ----------------------------------------------------
>
> Key: HADOOP-18165
> URL: https://issues.apache.org/jira/browse/HADOOP-18165
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: PJ Fanning
> Priority: Major
>
> Many of these are rates as critical or high risk vulnerabilities. This list
> is the tip of the iceberg.
> Examples found by dependabot
> * https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
> * https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
> * https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
> * https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
> * https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)
> * https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
> * https://github.com/advisories/GHSA-f2jv-r9rf-7988 (handlebars)
> * https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
> * https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
> * https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)
> may need to upgrade ember to allow some of these NPMs to be updated
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
