hendotcat opened a new pull request #2402:
URL: https://github.com/apache/thrift/pull/2402


This is a fix for these security warnings we're getting via this package:

```
ISSUE: Versions of `marked` prior to 0.6.2 and later than 0.3.14 are vulnerable to Regular Expression Denial of Service. Email addresses may be evaluated in quadratic time, allowing attackers to potentially crash the node process due to resource exhaustion. RECOMMENDATION: Upgrade to version 0.6.2 or later.
```

```
ISSUE: The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. RECOMMENDATION: Upgrade to versions 1.12.1 or 1.13.0-2 or later
```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
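The two warnings quoted in the pull request each state a vulnerable version range, including prerelease bounds (`1.13.0-0`, `1.13.0-2`) that a naive string comparison gets wrong. The following is an added example, not code from this pull request or from the Thrift project: it implements SemVer 2.0.0 precedence by hand (no dependency on the real `semver` package), encodes the two ranges exactly as the warnings state them, and walks a lockfile-shaped object so that transitive copies of `marked` and `underscore` are reported with their path. The `ADVISORIES` table, `auditLock` helper and `SAMPLE_LOCK` data are hypothetical constructs for this example; the sample lockfile is constructed and is not Thrift's real `package-lock.json`.

```javascript
// Added example (not part of the Thrift PR): check installed versions of
// `marked` and `underscore` against the vulnerable ranges quoted in the PR.

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return {
    core: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : [],   // prerelease identifiers, if any
  };
}

// One prerelease identifier against another, per SemVer 2.0.0 rule 11:
// numeric identifiers compare numerically and rank below alphanumeric ones.
function compareIdent(a, b) {
  const na = /^\d+$/.test(a), nb = /^\d+$/.test(b);
  if (na && nb) return Number(a) - Number(b);
  if (na) return -1;
  if (nb) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Negative if x < y, zero if equal, positive if x > y. A release (no
// prerelease) outranks any prerelease of the same core version.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const c = compareIdent(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return a.pre.length - b.pre.length;   // longer prerelease list ranks higher
}

// Vulnerable ranges transcribed from the two warnings quoted in the PR.
// Each range is [lowerBound, lowerInclusive, upperBound, upperInclusive].
const ADVISORIES = {
  marked: {
    issue: 'ReDoS in email address parsing',
    ranges: [['0.3.14', false, '0.6.2', false]],   // later than 0.3.14, prior to 0.6.2
    fixed: '0.6.2',
  },
  underscore: {
    issue: 'arbitrary code execution via template()',
    ranges: [
      ['1.3.2', true, '1.12.1', false],            // from 1.3.2, before 1.12.1
      ['1.13.0-0', true, '1.13.0-2', false],       // from 1.13.0-0, before 1.13.0-2
    ],
    fixed: '1.12.1 or 1.13.0-2',
  },
};

function inRange(version, [lo, loInc, hi, hiInc]) {
  const cl = compareVersions(version, lo), ch = compareVersions(version, hi);
  return (loInc ? cl >= 0 : cl > 0) && (hiInc ? ch <= 0 : ch < 0);
}

function isVulnerable(name, version) {
  const adv = ADVISORIES[name];
  return Boolean(adv) && adv.ranges.some((r) => inRange(version, r));
}

// Walk a lockfile-shaped object ({ dependencies: { name: { version, dependencies } } })
// and return every vulnerable install with its dependency path, so that a
// transitive copy pulled in by another package is reported as well.
function auditLock(lock, path = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    const here = [...path, `${name}@${entry.version}`];
    if (isVulnerable(name, entry.version)) {
      hits.push({ path: here.join(' > '), issue: ADVISORIES[name].issue, fix: ADVISORIES[name].fixed });
    }
    hits.push(...auditLock(entry, here));
  }
  return hits;
}

// Constructed sample lockfile (not Thrift's real package-lock.json).
const SAMPLE_LOCK = {
  dependencies: {
    marked: { version: '0.3.19' },
    underscore: { version: '1.13.0-1' },
    'some-tool': {
      version: '2.0.0',
      dependencies: { underscore: { version: '1.12.1' } },   // already patched copy
    },
  },
};

for (const h of auditLock(SAMPLE_LOCK)) {
  console.log(`${h.path}: ${h.issue}; upgrade to ${h.fix}`);
}
```

The prerelease handling is the part worth keeping: `1.13.0-1` sits inside the second `underscore` range while `1.13.0` (the release) does not, which a plain string or float comparison would get backwards.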

