Posted to pr@jena.apache.org by GitBox <gi...@apache.org> on 2022/02/20 21:29:54 UTC

[GitHub] [jena] afs opened a new pull request #1202: Explicit choice of versions (ajv, nanoid)

afs opened a new pull request #1202:
URL: https://github.com/apache/jena/pull/1202


   This PR puts the version numbers into the "resolutions" section of package.json. This then satisfies the GitHub security Dependabot, which does not seem to see that the versions actually used are via a different dependency route and are later (and fixed).
   
   This PR explicitly puts in the versions based on checking the node_modules/{ajv,nanoid}/package.json files.
   
   An alternative course of action is that we instead simply mark the security alerts as not relevant - this then means we are not limited in the future by the named package.json/"resolutions" settings.
   
   Which is best?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For additional commands, e-mail: pr-help@jena.apache.org
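
Added example, not part of the PR or the Jena code base: a Node.js check that each package pinned under "resolutions" in package.json is the version actually present in node_modules/<name>/package.json, the files the PR description says were consulted. The function names and all version strings are constructed for illustration.

```javascript
// Added example: compare "resolutions" pins with what is installed.
// Version strings below are constructed placeholders, not values from the PR.

// A resolutions key may be a bare name or a path pattern such as
// "**/ajv" or "parent/@scope/pkg"; keep only the package name.
function packageNameFromKey(key) {
  const parts = key.split('/');
  const last = parts[parts.length - 1];
  const prev = parts[parts.length - 2];
  return prev && prev.startsWith('@') ? `${prev}/${last}` : last;
}

// rootManifest: parsed top-level package.json.
// installed: map of package name -> parsed node_modules/<name>/package.json.
function checkResolutions(rootManifest, installed) {
  const exact = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
  const results = [];
  for (const [key, pinned] of Object.entries(rootManifest.resolutions || {})) {
    const name = packageNameFromKey(key);
    const actual = installed[name] ? installed[name].version : null;
    let status = 'match';
    if (actual === null) status = 'missing';            // pinned but not installed
    else if (!exact.test(pinned)) status = 'not-exact-pin'; // a range, not a version
    else if (actual !== pinned) status = 'mismatch';    // pin was not honoured
    results.push({ name, pinned, actual, status });
  }
  return results;
}

// Reads node_modules/<name>/package.json for each name, for use on a real tree.
function loadInstalled(projectDir, names) {
  const fs = require('node:fs'); // only needed when reading from disk
  const path = require('node:path');
  const installed = {};
  for (const name of names) {
    const file = path.join(projectDir, 'node_modules', name, 'package.json');
    if (fs.existsSync(file)) installed[name] = JSON.parse(fs.readFileSync(file, 'utf8'));
  }
  return installed;
}

// Constructed sample data standing in for package.json and node_modules.
const sampleRoot = { resolutions: { ajv: '1.2.3', '**/nanoid': '4.5.6' } };
const sampleInstalled = { ajv: { version: '1.2.3' }, nanoid: { version: '4.5.5' } };
console.log(checkResolutions(sampleRoot, sampleInstalled));
```

Any entry whose status is not `match` means the pin and the installed tree have drifted apart, which is the future maintenance cost the PR description weighs against dismissing the alerts.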


[GitHub] [jena] afs merged pull request #1202: Explicit choice of versions (ajv, nanoid)

Posted by GitBox <gi...@apache.org>.
afs merged pull request #1202:
URL: https://github.com/apache/jena/pull/1202


   




[GitHub] [jena] afs commented on pull request #1202: Explicit choice of versions (ajv, nanoid)

Posted by GitBox <gi...@apache.org>.
afs commented on pull request #1202:
URL: https://github.com/apache/jena/pull/1202#issuecomment-1046640192


   My downstream working copy of jena has cleared all the security alerts, which is good.

