[I] Open CVEs found using sbt dependencyCheck and yarn audit [daffodil-vscode]

via GitHub Tue, 16 Dec 2025 15:04:22 -0800


hdalsania opened a new issue, #1561:
URL: https://github.com/apache/daffodil-vscode/issues/1561


   ## Description
   
   This issue is created from v1.5.0 release feedback provided by Steve 
Lawrence.
   
   usage [MINOR] no open CVEs found using sbt dependencyCheck and yarn audit
        - MEDIUM finding for java commons-io 2.10.0 (CVE-2024-47554)
        - HIGH finding for java logback-core/classic 1.2.11 (CVE-2023-6378)
        - other jar dependencies seem to be false positives
        - LOW finding for npm cookie
   
   ## Steps to Reproduce
   
   sbt dependencyCheck and yarn audit
   
   ## Expected Behavior
   
   should not have any medium or high vulnerability exists.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[I] Open CVEs found using sbt dependencyCheck and yarn audit [daffodil-vscode]

Reply via email to