[
https://issues.apache.org/jira/browse/YUNIKORN-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057513#comment-18057513
]
Wilfred Spiegelenburg commented on YUNIKORN-3227:
-------------------------------------------------
A new file {{pnpm-workspace.yaml}} is added to make sure the override does not
get reversed when running a build on a clean system. Without the file the
dependency changed back to the old version when running build on a clean (make
distclean) setup.
The upgrade to pnpm v10 also had some side effects on the puppeteer install. No
post install scripts are run by default any more in pnpm v10. No chrome for
testing is installed when using {{{}pnpm i{}}}. If chrome for testing was
installed karma setup picked up the wrong chrome for testing when setting the
chrome executable in the karma config.
Reproduction of the issue without the changes in this jira:
* run {{make distclean}}
* run {{rm -r ~/.cache/puppeteer}}
* run {{make test}}
> modelcontextprotocol/sdk high CVE
> ---------------------------------
>
> Key: YUNIKORN-3227
> URL: https://issues.apache.org/jira/browse/YUNIKORN-3227
> Project: Apache YuniKorn
> Issue Type: Task
> Components: security, webapp
> Reporter: Wilfred Spiegelenburg
> Assignee: Wilfred Spiegelenburg
> Priority: Minor
> Labels: pull-request-available
> Fix For: 1.9.0
>
>
> In YUNIKORN-3224 dependencies were updated. The hono and angular-cli updates
> seem to have clashed with the modelcontextprotocol/sdk as it had not moved to
> the correct version.
> A re-run of pnpm audit shows the incorrect dependency.
> The angular-cli dependency which introduces the modelcontextprotocol/sdk into
> the system is a dev only dependency setting priority based on that (no
> production impact)
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
