[ https://issues.apache.org/jira/browse/YUNIKORN-2496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17827831#comment-17827831 ]

Wilfred Spiegelenburg commented on YUNIKORN-2496:
-------------------------------------------------

When updating axios via pnpm it gets upgraded to 1.6.8. The build after that 
change does not work anymore. Forcing axios to move to 0.28 (from vulnerable 
0.25) fixes that issue.

> Fix security issues in website javascript
> -----------------------------------------
>
>                 Key: YUNIKORN-2496
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-2496
>             Project: Apache YuniKorn
>          Issue Type: Task
>          Components: website
>            Reporter: Wilfred Spiegelenburg
>            Assignee: Wilfred Spiegelenburg
>            Priority: Major
>              Labels: pull-request-available
>
> The change to pnpm triggered a large number of security alerts from 
> dependabot.
> 7 could be fixed directly by the 4 PRs opened by dependabot. 6 need manual 
> intervention.
> The change also included an upgrade of the Algolia search component to 3.x. 
> That change prevents running {{pnpm audit}}.
> Docusaurus 3.x also contains a large number of backward incompatible changes 
> and an upgrade is planned separately. Using the Algolia 3.x dependency 
> already pushes some of these changes and should be reverted to Algolia 2.x 
> the same as the rest of the Docusaurus environment.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
