[ https://issues.apache.org/jira/browse/AVRO-3317?focusedWorklogId=712703&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-712703 ]
ASF GitHub Bot logged work on AVRO-3317: ---------------------------------------- Author: ASF GitHub Bot Created on: 21/Jan/22 09:41 Start Date: 21/Jan/22 09:41 Worklog Time Spent: 10m Work Description: martin-g commented on pull request #1468: URL: https://github.com/apache/avro/pull/1468#issuecomment-1018342155 @RyanSkraba I remember there was some issue/concern with the update of package-lock.json few months ago. Do you remember the details ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@avro.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 712703) Time Spent: 20m (was: 10m) > JavaScript: Update dependencies > ------------------------------- > > Key: AVRO-3317 > URL: https://issues.apache.org/jira/browse/AVRO-3317 > Project: Apache Avro > Issue Type: Improvement > Components: javascript > Reporter: Martin Tzvetanov Grigorov > Assignee: Martin Tzvetanov Grigorov > Priority: Minor > Labels: pull-request-available > Time Spent: 20m > Remaining Estimate: 0h > > Dependabot created a [PR|https://github.com/apache/avro/pull/1461/files] to > update Mocha to a newer version but it needs reworking of the tests from TDD > style to BDD. > > Also there are some more dependabot alerts about vulnerabilities in packages > listed in package-lock.json: > [https://github.com/apache/avro/security/dependabot] > > It would be good to update all the dependencies and package-lock.json! -- This message was sent by Atlassian Jira (v8.20.1#820001)