[
https://issues.apache.org/jira/browse/YUNIKORN-2885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17885865#comment-17885865
]
Wilfred Spiegelenburg commented on YUNIKORN-2885:
-------------------------------------------------
Since updating to pnpm v9 dependabot, which we used as a tool to do this for
us, no longer works. There is an open issue against dependabot for [pnpm v9
support.|https://github.com/dependabot/dependabot-core/issues/10534] Until that
gets fixed we need to make sure that we run this kind of a check and update
before each release.
We need to have this documented or tracked somewhere to make sure we do not
forget when get to YuniKorn 1.7 in a couple of months.
[~ccondit] / [~pbacsko] for some more visibility
> Fix security vulnerabilities in dependencies
> --------------------------------------------
>
> Key: YUNIKORN-2885
> URL: https://issues.apache.org/jira/browse/YUNIKORN-2885
> Project: Apache YuniKorn
> Issue Type: Improvement
> Components: webapp
> Reporter: JunHong Peng
> Assignee: JunHong Peng
> Priority: Major
> Labels: pull-request-available
>
> {{pnpm audit}} report:
> [audit-report.md|https://github.com/user-attachments/files/17089735/audit-report.md]
> 26 vulnerabilities found
> Severity: 12 moderate | 14 high
> After Upgrade Angular v18 (#YUNIKORN-2861) Audit Report:
> [audit-report.md|https://github.com/user-attachments/files/17164041/audit-report.md]
> 8 vulnerabilities found
> Severity: 3 moderate | 5 high
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
