Hi, There are a number of pull requests in https://github.com/apache/airavata/pulls that relate to upgrading dependencies due to security concerns. Some are raised by Dependabot but I raised a few a few months ago (April timeframe) that are linked to Jira issues. Would any of the Airavata committers be able to look at them?
Regards, PJ