[ https://issues.apache.org/jira/browse/AIRFLOW-6630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17023189#comment-17023189 ]
ASF GitHub Bot commented on AIRFLOW-6630: ----------------------------------------- ryw commented on pull request #7253: [AIRFLOW-6630] Resolve NPM advisory for Handlebars URL: https://github.com/apache/airflow/pull/7253 Resolve NPM advisory for Handlebars, which advises 4.5.3 or higher. Running `npm install` locally for me brings in Handlebars 4.7.3 with this commit. --- Make sure to mark the boxes below before creating PR: [x] - [X] Description above provides context of the change - [X] Commit message/PR title starts with `[AIRFLOW-NNNN]`. AIRFLOW-NNNN = JIRA ID<sup>*</sup> - [X] Unit tests coverage for changes (not needed for documentation changes) - [X] Commits follow "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)" - [X] Relevant documentation is updated including usage instructions. - [X] I will engage committers as explained in [Contribution Workflow Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example). <sup>*</sup> For document-only changes commit message can start with `[AIRFLOW-XXXX]`. --- In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed. In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md). Read the [Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines) for more information. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Resolve Handlebars advisory > ---------------------------- > > Key: AIRFLOW-6630 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6630 > Project: Apache Airflow > Issue Type: Improvement > Components: webserver > Affects Versions: 1.10.7 > Reporter: Ry Walker > Assignee: Ry Walker > Priority: Major > Fix For: 1.10.8 > > > Security scan turned up Handlebars 4.3.5 as a vulnerability per this NPM > advisory [https://www.npmjs.com/advisories/1324] - I've got PR to resolve. -- This message was sent by Atlassian Jira (v8.3.4#803005)