You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "László Bodor (Jira)" <ji...@apache.org> on 2022/07/19 17:30:00 UTC

[jira] [Commented] (TEZ-4436) [TEZ-UI] uses many vulnerable libraries

    [ https://issues.apache.org/jira/browse/TEZ-4436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568658#comment-17568658 ] 

László Bodor commented on TEZ-4436:
-----------------------------------

thanks for reporting this [~pj.fanning]
can you confirm what vulnerabilities are still present after resolving TEZ-4419?

> [TEZ-UI] uses many vulnerable libraries
> ---------------------------------------
>
>                 Key: TEZ-4436
>                 URL: https://issues.apache.org/jira/browse/TEZ-4436
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> TEZ-4337 might help to start.
> I created a fork of tez in github and enabled dependabot (using security tab). Dozens of issues were found with NPMs that have known vulnerabilities.
> Examples:
> * https://github.com/advisories/GHSA-jf85-cpcp-j695 (loadash)
> * https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
> * https://github.com/advisories/GHSA-wc69-rhjr-hc9g (moment)
> * https://github.com/advisories/GHSA-xvch-5gv4-984h (minimist)
> * https://github.com/advisories/GHSA-34r7-q49f-h37c (uglify-js)
> * many more



--
This message was sent by Atlassian Jira
(v8.20.10#820010)