shibd opened a new pull request, #464:
URL: https://github.com/apache/pulsar-client-node/pull/464

   Resolves 13 security vulnerabilities:
   - 2 critical vulnerabilities in form-data
   - 6 high vulnerabilities in minimatch and tar
   - 4 moderate vulnerabilities in ajv, qs, and tough-cookie
   - 1 low vulnerability
   
   Changes:
   - Upgraded @definitelytyped/utils from 0.0.168 to 0.1.13
     - Fixes vulnerabilities in transitive dependencies: form-data, qs, tough-cookie, and tar
   - Downgraded dtslint from 4.2.0 to 3.4.2
     - Required to use the fixed @definitelytyped/utils version
     - 4.2.x still depends on vulnerable @definitelytyped/[email protected]
   - Updated package-lock.json and yarn.lock
   
   Verification:
   - npm audit: 0 vulnerabilities
   - Build test: passed with node-pre-gyp build
   - Binary generated: lib/binding/pulsar.node
   
   Note: [email protected] is deprecated, see https://aka.ms/type-testing-tools, but it is needed until a newer stable version is available that does not depend on vulnerable packages.
   
   Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)
   Co-authored-by: Sisyphus <[email protected]>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
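
The pull request above fixes findings in transitive dependencies by changing the direct dependencies that pull them in. As an added example (not code from the pull request or the project), the following traces which chain of dependencies installs a flagged package, using the `packages` map of a `package-lock.json` with lockfileVersion 2 or 3. The package names and versions in `sampleLock` are constructed, and `resolveDep` and `findChains` are hypothetical helper names.

```javascript
// Resolve `name` as required from the package installed at `fromPath`,
// walking up nested node_modules directories the way Node's resolver does.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project. Returns one shortest chain
// ("a@1 > b@2 > target@3") for every installed copy of `target`.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const seen = new Set(['']);
  const queue = [{ path: '', trail: [] }];
  while (queue.length) {
    const { path, trail } = queue.shift();
    const e = packages[path];
    const deps = { ...e.dependencies, ...e.devDependencies, ...e.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const dep = resolveDep(packages, path, name);
      if (!dep || seen.has(dep)) continue;
      seen.add(dep);
      const next = [...trail, `${name}@${packages[dep].version}`];
      if (name === target) chains.push(next.join(' > '));
      else queue.push({ path: dep, trail: next });
    }
  }
  return chains;
}

// Constructed lockfile: one dev tool pins an old nested copy of a utility
// package, and only that old copy depends on the flagged library.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { devDependencies: { 'dev-tool': '^4.0.0', 'other-tool': '^1.0.0' } },
  'node_modules/dev-tool': { version: '4.0.0', dependencies: { '@example/utils': '0.0.1' } },
  'node_modules/dev-tool/node_modules/@example/utils':
    { version: '0.0.1', dependencies: { 'flagged-lib': '^2.0.0' } },
  'node_modules/other-tool': { version: '1.0.0', dependencies: { '@example/utils': '^0.1.0' } },
  'node_modules/@example/utils': { version: '0.1.0' },
  'node_modules/flagged-lib': { version: '2.0.0' },
} };

console.log(findChains(sampleLock, 'flagged-lib'));
```

An empty result for a flagged package name after regenerating the lockfile confirms that no direct dependency still pulls it in; to run it on a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`.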