PJ Fanning created HADOOP-18165:
-----------------------------------

             Summary: hadoop-yarn-ui has a number of insecure dependencies
                 Key: HADOOP-18165
                 URL: https://issues.apache.org/jira/browse/HADOOP-18165
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: PJ Fanning

Many of these are rated as critical or high risk vulnerabilities. This list is the tip of the iceberg.

Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)

may need to upgrade ember to allow these items above to be updated
* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)