yuriipalam commented on PR #7722: URL: https://github.com/apache/hbase/pull/7722#issuecomment-3921247194
> Can you please look into if these can be fixed? > > ``` > $ mvn clean install -DskipTests && mvn site -pl hbase-website > > ... > > [INFO] 15 vulnerabilities (1 low, 13 moderate, 1 high) > [INFO] > [INFO] To address issues that do not require attention, run: > [INFO] npm audit fix > [INFO] > [INFO] To address all issues (including breaking changes), run: > [INFO] npm audit fix --force > [INFO] > [INFO] Run `npm audit` for details. > > ... > ``` I looked and seems like at the moment they can't be. These are new and packages that rely on these packages didn't release a newer fix version yet. We should check in a few days. Nevertheless, we're not really affected by that. We just return static assets and do not accept any input from the user. Theoretically, we could have just put the whole website on CDN because it has no server behind. So no worries :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
