You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "László Bodor (Jira)" <ji...@apache.org> on 2022/07/19 17:30:00 UTC
[jira] [Commented] (TEZ-4436) [TEZ-UI] uses many vulnerable libraries
[ https://issues.apache.org/jira/browse/TEZ-4436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568658#comment-17568658 ]
László Bodor commented on TEZ-4436:
-----------------------------------
thanks for reporting this [~pj.fanning]
can you confirm what vulnerabilities are still present after resolving TEZ-4419?
> [TEZ-UI] uses many vulnerable libraries
> ---------------------------------------
>
> Key: TEZ-4436
> URL: https://issues.apache.org/jira/browse/TEZ-4436
> Project: Apache Tez
> Issue Type: Improvement
> Reporter: PJ Fanning
> Priority: Major
>
> TEZ-4337 might help to start.
> I created a fork of tez in github and enabled dependabot (using security tab). Dozens of issues were found with NPMs that have known vulnerabilities.
> Examples:
> * https://github.com/advisories/GHSA-jf85-cpcp-j695 (loadash)
> * https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
> * https://github.com/advisories/GHSA-wc69-rhjr-hc9g (moment)
> * https://github.com/advisories/GHSA-xvch-5gv4-984h (minimist)
> * https://github.com/advisories/GHSA-34r7-q49f-h37c (uglify-js)
> * many more
--
This message was sent by Atlassian Jira
(v8.20.10#820010)