You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "PJ Fanning (Jira)" <ji...@apache.org> on 2022/03/20 01:01:00 UTC
[jira] [Created] (HADOOP-18165) hadoop-yarn-ui has a number of insecure dependencies
PJ Fanning created HADOOP-18165:
-----------------------------------
Summary: hadoop-yarn-ui has a number of insecure dependencies
Key: HADOOP-18165
URL: https://issues.apache.org/jira/browse/HADOOP-18165
Project: Hadoop Common
Issue Type: Bug
Reporter: PJ Fanning
Many of these are rates as critical or high risk vulnerabilities. This list is the tip of the iceberg.
Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)
may need to upgrade ember to allow these items above to be updated
* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org