You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "PJ Fanning (Jira)" <ji...@apache.org> on 2022/03/20 01:01:00 UTC

[jira] [Created] (HADOOP-18165) hadoop-yarn-ui has a number of insecure dependencies

PJ Fanning created HADOOP-18165:
-----------------------------------

             Summary: hadoop-yarn-ui has a number of insecure dependencies
                 Key: HADOOP-18165
                 URL: https://issues.apache.org/jira/browse/HADOOP-18165
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: PJ Fanning


Many of these are rates as critical or high risk vulnerabilities. This list is the tip of the iceberg.

Examples found by dependabot
* https://github.com/advisories/GHSA-35jh-r3h4-6jhm (lodash-es)
* https://github.com/advisories/GHSA-p6mc-m468-83gw (lodash)
* https://github.com/advisories/GHSA-pc58-wgmc-hfjr (mout)
* https://github.com/advisories/GHSA-4rq4-32rv-6wp6 (shelljs)
* https://github.com/advisories/GHSA-5955-9wpr-37jh (tar)

may need to upgrade ember to allow these items above to be updated

* https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
* https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 (socket.io-parser)
* https://github.com/advisories/GHSA-72mh-269x-7mh5 (xmlhttprequest-ssl)
* https://github.com/advisories/GHSA-g78m-2chm-r7qv (websocket-extensions)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org