[
https://issues.apache.org/jira/browse/TINKERPOP-2572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355405#comment-17355405
]
Øyvind Sæbø commented on TINKERPOP-2572:
----------------------------------------
Yes, I created a separate ticket for it here
https://issues.apache.org/jira/browse/TINKERPOP-2574. Might be a good task for
me to get familiar with how we deal with pull requests targeting multiple
versions.
> Upgrade dependencies to fix security vulnerabilities
> ----------------------------------------------------
>
> Key: TINKERPOP-2572
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2572
> Project: TinkerPop
> Issue Type: Improvement
> Components: gremlint
> Affects Versions: 3.5.0
> Reporter: Øyvind Sæbø
> Assignee: Øyvind Sæbø
> Priority: Trivial
> Fix For: 3.5.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> A few of Gremlint's indirect dependencies have vulnerabilities listed in the
> GitHub Advisory Database.
> Specifically the following should be done:
> * Upgrade ws to version 7.4.6 or later (moderate severity) [1].
> * Upgrade lodash to version 4.17.21 or later (high severity) [2].
> * Upgrade hosted-git-info to version 2.8.9 or later (moderate severity) [3].
> * Upgrade y18n to version 4.0.1 or later (high severity) [4].
> * Upgrade node-notifier to version 8.0.1 or later (moderate severity) [5].
> [1] [https://github.com/advisories/GHSA-6fc8-4gx4-v693]
> [2] [https://github.com/advisories/GHSA-35jh-r3h4-6jhm]
> [3] [https://github.com/advisories/GHSA-43f8-2h32-f4cj]
> [4] [https://github.com/advisories/GHSA-c4w7-xm78-47vh]
> [5] [https://github.com/advisories/GHSA-5fw9-fq32-wv5p]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
