[jira] [Created] (HADOOP-18165) hadoop-yarn-ui has a number of insecure dependencies

PJ Fanning (Jira) Sat, 19 Mar 2022 18:01:05 -0700

PJ Fanning created HADOOP-18165:
-----------------------------------

             Summary: hadoop-yarn-ui has a number of insecure dependencies
                 Key: HADOOP-18165
                 URL: https://issues.apache.org/jira/browse/HADOOP-18165
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: PJ Fanning



Many of these are rates as critical or high risk vulnerabilities. This list is 
the tip of the iceberg.

Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)

may need to upgrade ember to allow these items above to be updated

* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18165) hadoop-yarn-ui has a number of insecure dependencies

Reply via email to