[ https://issues.apache.org/jira/browse/DISPATCH-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17170857#comment-17170857 ]

ASF subversion and git services commented on DISPATCH-1741:
-----------------------------------------------------------

Commit 2ca875c1591216896bb5442fd03b02ff8940f4b6 in qpid-dispatch's branch refs/heads/dependabot/npm_and_yarn/console/react/patternfly/react-table-4.12.1 from Ernest Allen
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=2ca875c ]

DISPATCH-1741: Manually bump console's yargs-parser dependency to version 13.1.2 to fix security vulnerability

> Update console dependency for yargs-parser to avoid security warning
> --------------------------------------------------------------------
>
> Key: DISPATCH-1741
> URL: https://issues.apache.org/jira/browse/DISPATCH-1741
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Console
> Affects Versions: 1.13.0
> Reporter: Ernest Allen
> Assignee: Ernest Allen
> Priority: Major
> Fix For: 1.13.0
>
>
> A new security vulnerability was identified with the released version of
> yargs-parser.
> The dependency path is
> react-scripts > webpack-dev-server > yargs > yargs-parser
> Since react-scripts has not been updated to require the version of
> yargs-parser that fixes the vulnerability, the package-lock.json file needs
> to be updated manually to require yargs-parser version 13.1.2
> See https://github.com/facebook/create-react-app/issues/9033 for a discussion
> on the issue with react-scripts.
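
A check one could run after such a manual package-lock.json edit, to confirm no copy of yargs-parser older than 13.1.2 remains anywhere in the tree. This is an added example, not code from the qpid-dispatch project; it assumes the npm lockfile v1 layout (nested `dependencies` objects), and the function names and the sample lockfile fragment are constructed for illustration.

```javascript
// Added example: list every yargs-parser copy in an npm lockfile (v1 layout)
// that is older than the version DISPATCH-1741 requires.
const REQUIRED = "13.1.2"; // version named in the issue

// Compare two x.y.z version strings; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10));
  const pb = b.split(".").map((n) => parseInt(n, 10));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested "dependencies" tree. In a v1 lockfile the nesting mirrors
// where each copy is installed under node_modules, so one package name can
// appear several times with different versions.
function findOutdated(lock, name = "yargs-parser", minVersion = REQUIRED) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const here = [...path, pkg];
      if (pkg === name && compareVersions(info.version, minVersion) < 0) {
        hits.push({ path: here.join(" > "), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: the top-level copy is patched, a nested one is not.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "yargs-parser": { version: "13.1.2" },
    "webpack-dev-server": {
      version: "3.10.3",
      dependencies: {
        yargs: { version: "12.0.5", dependencies: { "yargs-parser": { version: "11.1.1" } } },
      },
    },
  },
};

console.log(findOutdated(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findOutdated` instead of the sample; an empty result means every installed copy is at or above the required version.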