Jens Geyer created THRIFT-6017:
----------------------------------
Summary: Upgrade jsdoc from 3.6 to 4.x in lib/js and lib/ts
Key: THRIFT-6017
URL: https://issues.apache.org/jira/browse/THRIFT-6017
Project: Thrift
Issue Type: Dependency upgrade
Components: JavaScript - Library, TypeScript - Library
Reporter: Jens Geyer

lib/js and lib/ts both depend on jsdoc 3.6.x for documentation generation.
jsdoc 3.6 has two problematic transitive dependencies that are no longer
present in jsdoc 4.x:

- taffydb: an abandoned package (CVE-2019-10790, HIGH) that jsdoc 4.x has
  dropped entirely.
- older lodash versions via catharsis and requizzle sub-dependencies.

jsdoc 4.x was released in 2023 and is the current stable version. The upgrade
requires updating the jsdoc entry in devDependencies in both
lib/js/package.json and lib/ts/package.json, regenerating the respective
package-lock.json files, and verifying that doc generation still works.

Prerequisite: THRIFT-6016 (move jsdoc to devDependencies in lib/ts).
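A check that a regenerated package-lock.json no longer pulls in taffydb and shows which lodash copies remain, as an added example that is not part of the original issue or of Thrift's code. The function names `findPackages` and `checkJsdocUpgrade` are hypothetical, and both lockfile objects and their version numbers are constructed samples.

```javascript
// List every installed copy of the named packages in a parsed package-lock.json.
// lockfileVersion 2/3 uses a flat "packages" map keyed by node_modules path;
// lockfileVersion 1 uses a nested "dependencies" tree.
function findPackages(lock, names) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop(); // "" for the root entry
      if (path && names.includes(name)) hits.push({ name, version: meta.version, path });
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail + "node_modules/" + name;
        if (names.includes(name)) hits.push({ name, version: meta.version, path });
        walk(meta.dependencies, path + "/"); // nested installs under this package
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Passes only when jsdoc is present at major version 4 or later and taffydb is gone.
// lodash copies are reported with their paths so a reviewer can see what
// catharsis and requizzle still bring in.
function checkJsdocUpgrade(lock) {
  const jsdoc = findPackages(lock, ["jsdoc"]);
  const taffydb = findPackages(lock, ["taffydb"]);
  const lodash = findPackages(lock, ["lodash"]);
  const ok = jsdoc.length > 0 && taffydb.length === 0 &&
    jsdoc.every((p) => parseInt(p.version, 10) >= 4);
  return { jsdocVersions: jsdoc.map((p) => p.version), taffydb, lodash, ok };
}

// Constructed sample: lockfile before the upgrade (v1 layout).
const before = { lockfileVersion: 1, dependencies: {
  jsdoc: { version: "3.6.11", dev: true },
  taffydb: { version: "2.6.2", dev: true },
  catharsis: { version: "0.9.0", dependencies: { lodash: { version: "4.17.15" } } } } };

// Constructed sample: lockfile after the upgrade (v3 layout).
const after = { lockfileVersion: 3, packages: {
  "": { devDependencies: { jsdoc: "^4.0.0" } },
  "node_modules/jsdoc": { version: "4.0.0", dev: true },
  "node_modules/lodash": { version: "4.17.21", dev: true } } };

console.log(checkJsdocUpgrade(before), checkJsdocUpgrade(after));
```

To check a real tree, pass the parsed contents of lib/js/package-lock.json or lib/ts/package-lock.json to `checkJsdocUpgrade`.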