[GitHub] [jena] afs commented on pull request #1199: yarn upgrade

[GitBox <gi...@apache.org>]

afs commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1044796770


   It has added  "follow-redirects": "^1.14.7" to package.json and yarn.lock there is 1.14.8. That's good.
   
   My working copy of Jena has received more security alerts than here (at the moment) and I think they are all addressed by this PR. None look very serious.
   
   The dependabot security alert for `ajv` seems confused. It says it can't go past 5.5.2 but yarn.lock has 6.12.6 via a different route.
   
   The 5.x.y lock is due to:
   
   `istanbul-instrumenter-loader@3.0.1 requires ajv@^5.0.0`
   in:
   ```
   @vue/cli-plugin-babel@4.5.15 requires ajv@^6.12.4 via a transitive dependency on schema-utils@2.7.1
   @vue/cli-service@4.5.15 requires ajv@^6.12.4 via a transitive dependency on schema-utils@2.7.1
   eslint@7.32.0 requires ajv@^6.12.4 via @eslint/eslintrc@0.4.3
   eslint@7.32.0 requires ajv@^8.0.1 via table@6.8.0
   istanbul-instrumenter-loader@3.0.1 requires ajv@^5.0.0 via schema-utils@0.3.0
   sass-loader@10.2.1 requires ajv@^6.12.5 via a transitive dependency on schema-utils@3.1.1
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For additional commands, e-mail: pr-help@jena.apache.org