[
https://issues.apache.org/jira/browse/TOBAGO-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360046#comment-17360046
]
Udo Schnurpfeil edited comment on TOBAGO-2084 at 6/9/21, 1:50 PM:
------------------------------------------------------------------
Yes, of course, but 1.0.7 was released a bit too late for this release. Will be
used in the next one :).
On the other hand. I comes over a different dependency, which hat no newer
release. And it might be a bit confusing to set "path-parse" as explicit
dependency for Tobago. Because there isn't one. (and you can't do "fixme"
comments inside json :()
was (Author: lofwyr):
Yes, of course, but 1.0.7 was released a bit too late for this release. Will be
used in the next one :).
> CVE suppression for Tobago 5
> ----------------------------
>
> Key: TOBAGO-2084
> URL: https://issues.apache.org/jira/browse/TOBAGO-2084
> Project: MyFaces Tobago
> Issue Type: Task
> Components: Build
> Reporter: Udo Schnurpfeil
> Assignee: Udo Schnurpfeil
> Priority: Minor
> Fix For: 4.5.4, 5.0.0-alpha-1, 5.0.0
>
>
> Split CVE suppression list between Tobago 4 and 5
> Also:
> * add CVE suppression for npm path-parse
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
