[ https://issues.apache.org/jira/browse/TINKERPOP-2572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355367#comment-17355367 ]
Stephen Mallette commented on TINKERPOP-2572:
---------------------------------------------
Feel free to adjust the .gitignored as needed for javascript stuff if something
looks off. If that's a normal file to be in git then let's get it added. Please
fix it for gremlin-javascript as well starting at 3.3-dev and merging forward
with changes specific for gremlint as needed in the 3.5-branch and forward.
> Upgrade dependencies to fix security vulnerabilities
> ----------------------------------------------------
>
> Key: TINKERPOP-2572
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2572
> Project: TinkerPop
> Issue Type: Improvement
> Components: gremlint
> Affects Versions: 3.5.0
> Reporter: Øyvind Sæbø
> Assignee: Øyvind Sæbø
> Priority: Trivial
> Fix For: 3.5.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> A few of Gremlint's indirect dependencies have vulnerabilities listed in the
> GitHub Advisory Database.
> Specifically the following should be done:
> * Upgrade ws to version 7.4.6 or later (moderate severity) [1].
> * Upgrade lodash to version 4.17.21 or later (high severity) [2].
> * Upgrade hosted-git-info to version 2.8.9 or later (moderate severity) [3].
> * Upgrade y18n to version 4.0.1 or later (high severity) [4].
> * Upgrade node-notifier to version 8.0.1 or later (moderate severity) [5].
> [1] [https://github.com/advisories/GHSA-6fc8-4gx4-v693]
> [2] [https://github.com/advisories/GHSA-35jh-r3h4-6jhm]
> [3] [https://github.com/advisories/GHSA-43f8-2h32-f4cj]
> [4] [https://github.com/advisories/GHSA-c4w7-xm78-47vh]
> [5] [https://github.com/advisories/GHSA-5fw9-fq32-wv5p]
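One way to confirm that the upgrades listed in the issue actually reached every installed copy of each indirect dependency is to check the parsed `package-lock.json` against those version floors. This is an added example, not code from the issue or from TinkerPop; the function names and the sample lockfile are constructed for illustration, and "or later" is applied literally as a plain x.y.z comparison.

```javascript
// Version floors exactly as listed in the TINKERPOP-2572 description.
const FLOORS = new Map([
  ['ws', '7.4.6'], ['lodash', '4.17.21'], ['hosted-git-info', '2.8.9'],
  ['y18n', '4.0.1'], ['node-notifier', '8.0.1'],
]);

// Numeric compare of x.y.z versions; any pre-release suffix is ignored.
function cmp(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Yield every installed copy in a parsed lockfile; indirect deps can appear several times.
function* installed(lock) {
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i >= 0) yield { name: path.slice(i + 13), version: meta.version, path };
    }
    return;
  }
  yield* walkV1(lock.dependencies, ''); // lockfileVersion 1: nested trees
}

function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    yield { name, version: meta.version, path };
    yield* walkV1(meta.dependencies, `${path}/`);
  }
}

// Return "path@version" for each copy that is still below its floor.
function belowFloor(lock) {
  return [...installed(lock)]
    .filter((p) => FLOORS.has(p.name) && p.version && cmp(p.version, FLOORS.get(p.name)) < 0)
    .map((p) => `${p.path}@${p.version}`);
}

// Constructed sample (not Gremlint's real lockfile): top-level lodash is patched, nested copies lag.
const sampleLock = { lockfileVersion: 1, dependencies: {
  lodash: { version: '4.17.21' },
  yargs: { version: '13.3.2', dependencies: { y18n: { version: '4.0.0' } } },
  'some-tool': { version: '1.0.0', dependencies: { lodash: { version: '4.17.15' } } },
} };
console.log(belowFloor(sampleLock));
```

In a real checkout the input would be `JSON.parse` of the project's `package-lock.json`; an empty result means no installed copy is below the floors listed in the issue.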