Øyvind Sæbø created TINKERPOP-2572:
--------------------------------------
Summary: Upgrade dependencies to fix security vulnerabilities
Key: TINKERPOP-2572
URL: https://issues.apache.org/jira/browse/TINKERPOP-2572
Project: TinkerPop
Issue Type: Improvement
Components: gremlint
Affects Versions: 3.5.0
Reporter: Øyvind Sæbø
Fix For: 3.5.0
A few of Gremlint's indirect dependencies have vulnerabilities listed in the
GitHub Advisory Database.
Specifically, the following should be done:
* Upgrade ws to version 7.4.6 or later (moderate severity) [1].
* Upgrade lodash to version 4.17.21 or later (high severity) [2].
* Upgrade hosted-git-info to version 2.8.9 or later (moderate severity) [3].
* Upgrade y18n to version 4.0.1 or later (high severity) [4].
* Upgrade node-notifier to version 8.0.1 or later (moderate severity) [5].
[1] https://github.com/advisories/GHSA-6fc8-4gx4-v693
[2] https://github.com/advisories/GHSA-35jh-r3h4-6jhm
[3] https://github.com/advisories/GHSA-43f8-2h32-f4cj
[4] https://github.com/advisories/GHSA-c4w7-xm78-47vh
[5] https://github.com/advisories/GHSA-5fw9-fq32-wv5p
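The upgrade list in this issue can be checked against a parsed `package-lock.json`, since all five packages are indirect dependencies and only appear in the lockfile. This is an added example, not part of the original issue or of Gremlint's code; `MIN_FIXED`, `compareVersions`, `findOutdated` and the sample lockfile are constructed for illustration. It tests only the version floors stated in the issue, not each advisory's full affected range.

```javascript
// Version floors copied from the issue's upgrade list.
const MIN_FIXED = new Map([
  ["ws", "7.4.6"], ["lodash", "4.17.21"], ["hosted-git-info", "2.8.9"],
  ["y18n", "4.0.1"], ["node-notifier", "8.0.1"],
]);

// Numeric x.y.z comparison; pre-release/build suffixes are ignored (assumption).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Accepts a parsed package-lock.json; returns every listed package below its floor.
function findOutdated(lock) {
  const hits = [];
  const check = (name, version, path) => {
    const min = MIN_FIXED.get(name);
    if (min && version && compareVersions(version, min) < 0) {
      hits.push({ name, version, min, path });
    }
  };
  // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx >= 0) check(key.slice(idx + "node_modules/".length), meta.version, key);
  }
  // lockfileVersion 1: nested tree, walked only when "packages" is absent.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, trail.concat(name).join(" > "));
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not Gremlint's real one).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "demo" },
  "node_modules/lodash": { version: "4.17.20" },
  "node_modules/ws": { version: "7.4.6" },
  "node_modules/yargs/node_modules/y18n": { version: "4.0.0" },
} };
for (const h of findOutdated(SAMPLE_LOCK)) console.log(`${h.path}: ${h.version} < ${h.min}`);
```

The reported path shows which parent pulls in the stale copy, which is what determines whether the fix is a parent upgrade or a lockfile refresh.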