You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@inlong.apache.org by GitBox <gi...@apache.org> on 2022/02/10 21:14:31 UTC

[GitHub] [incubator-inlong] pjfanning opened a new issue #2461: [Bug] a number of CVEs exist for NPMs exist in dashboard

pjfanning opened a new issue #2461:
URL: https://github.com/apache/incubator-inlong/issues/2461


   ### What happened
   
   I did a dependabot analysis of InLong and have submitted maven fixes but I'm not a UI specialist so haven't attempted to update the NPM modules.
   
   Some of the highest severity issues include:
   * https://github.com/advisories/GHSA-33f9-j839-rf8h
   * https://github.com/advisories/GHSA-hxcc-f52p-wc94
   * https://github.com/advisories/GHSA-ww39-953v-wcq6
   
   `npm audit` and `npm audit fix` can be used
   
   ### What you expected to happen
   
   n/a
   
   ### How to reproduce
   
   n/a
   
   ### Environment
   
   _No response_
   
   ### InLong version
   
   master
   
   ### InLong Component
   
   InLong Dashboard
   
   ### Are you willing to submit PR?
   
   - [ ] Yes, I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-inlong] leezng commented on issue #2461: [Bug] a number of CVEs exist for NPMs exist in dashboard

Posted by GitBox <gi...@apache.org>.

leezng commented on issue #2461:
URL: https://github.com/apache/incubator-inlong/issues/2461#issuecomment-1035841354


   @pjfanning 
   I try to use `npm audit fix` to resolve some vulnerabilities. But there are still some that involve breaking changes. Because they are lower-level dependencies of development dependencies, theoretically they will not affect the UI layer.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-inlong] gosonzhang commented on issue #2461: [Bug] a number of CVEs exist for NPMs exist in dashboard

Posted by GitBox <gi...@apache.org>.

gosonzhang commented on issue #2461:
URL: https://github.com/apache/incubator-inlong/issues/2461#issuecomment-1035792760


   @pjfanning, thanks, you are professional!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-inlong] dockerzhang closed issue #2461: [Bug] a number of CVEs exist for NPMs exist in dashboard

Posted by GitBox <gi...@apache.org>.

dockerzhang closed issue #2461:
URL: https://github.com/apache/incubator-inlong/issues/2461


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-inlong] dockerzhang commented on issue #2461: [Bug] a number of CVEs exist for NPMs exist in dashboard

Posted by GitBox <gi...@apache.org>.

dockerzhang commented on issue #2461:
URL: https://github.com/apache/incubator-inlong/issues/2461#issuecomment-1035724419


   @leezng PTAL, thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@inlong.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org