[ 
https://issues.apache.org/jira/browse/THRIFT-6017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jens Geyer resolved THRIFT-6017.
--------------------------------
    Fix Version/s: 0.24.0
         Assignee: Jens Geyer
       Resolution: Fixed

> Upgrade jsdoc from 3.6 to 4.x in lib/js and lib/ts
> --------------------------------------------------
>
>                 Key: THRIFT-6017
>                 URL: https://issues.apache.org/jira/browse/THRIFT-6017
>             Project: Thrift
>          Issue Type: Dependency upgrade
>          Components: JavaScript - Library, TypeScript - Library
>            Reporter: Jens Geyer
>            Assignee: Jens Geyer
>            Priority: Major
>             Fix For: 0.24.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> lib/js and lib/ts both depend on jsdoc 3.6.x for documentation generation. 
> jsdoc 3.6 has two problematic transitive dependencies that are no longer 
> present in jsdoc 4.x:
> - taffydb: an abandoned package (CVE-2019-10790, HIGH) that jsdoc 4.x has 
> dropped entirely.
> - older lodash versions via catharsis and requizzle sub-dependencies.
> jsdoc 4.x was released in 2023 and is the current stable version. The upgrade 
> requires updating the jsdoc entry in devDependencies in both 
> lib/js/package.json and lib/ts/package.json, regenerating the respective 
> package-lock.json files, and verifying that doc generation still works.
> Prerequisite: THRIFT-6016 (move jsdoc to devDependencies in lib/ts).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
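The verification the issue calls for (jsdoc in devDependencies, a regenerated package-lock.json, taffydb no longer locked) can be checked mechanically. This is an added example, not part of the Jira message or the Thrift code base. The function names and sample lockfile contents are constructed; real use would pass in the parsed package.json and package-lock.json from lib/js or lib/ts.

```javascript
// Added example, not Thrift project code. Function names are hypothetical
// and the sample data at the bottom is constructed.
const NM = 'node_modules/';
// Flatten lockfile v2/v3 ("packages") or v1 (nested "dependencies")
// into [{ name, version, path }].
function listLockedPackages(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(NM);
      if (i < 0) continue; // root project ("") or a workspace folder
      out.push({ name: path.slice(i + NM.length), version: meta.version, path });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}${NM}${name}`;
      out.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// pkg = parsed package.json, lock = parsed package-lock.json.
function auditJsdocUpgrade(pkg, lock) {
  const locked = listLockedPackages(lock);
  const findings = [];
  if ((pkg.dependencies || {}).jsdoc) findings.push('jsdoc is in dependencies');
  if (!(pkg.devDependencies || {}).jsdoc) findings.push('jsdoc missing from devDependencies');
  const jsdoc = locked.find((p) => p.path === 'node_modules/jsdoc');
  if (!jsdoc) findings.push('jsdoc not locked');
  else if (parseInt(jsdoc.version, 10) < 4) findings.push(`jsdoc locked at ${jsdoc.version}`);
  for (const p of locked) {
    if (p.name === 'taffydb') findings.push(`taffydb ${p.version} at ${p.path}`);
  }
  // Every locked lodash copy is listed for review; the issue names no version threshold.
  const lodash = locked.filter((p) => p.name === 'lodash').map((p) => `${p.version} at ${p.path}`);
  return { ok: findings.length === 0, findings, lodash };
}

// Constructed samples: a stale lockfile and a regenerated one.
const SAMPLE_PKG = { devDependencies: { jsdoc: '^4.0.0' } };
const STALE_LOCK = { packages: { '': {}, 'node_modules/jsdoc': { version: '3.6.11' },
  'node_modules/taffydb': { version: '2.6.2' },
  'node_modules/catharsis/node_modules/lodash': { version: '4.17.15' } } };
const FRESH_LOCK = { packages: { '': {}, 'node_modules/jsdoc': { version: '4.0.2' },
  'node_modules/lodash': { version: '4.17.21' } } };
console.log(auditJsdocUpgrade(SAMPLE_PKG, STALE_LOCK), auditJsdocUpgrade(SAMPLE_PKG, FRESH_LOCK));
```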
