qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-1741) Update console dependency for yargs-parser to avoid security warning
Date Tue, 04 Aug 2020 16:35:00 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-1741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17170941#comment-17170941
] 

ASF subversion and git services commented on DISPATCH-1741:
-----------------------------------------------------------

Commit c9bfd071ac2ba5515aaf5e51c7cf224a667210ac in qpid-dispatch's branch refs/heads/dependabot/npm_and_yarn/console/react/patternfly/react-table-4.12.1
from Ernest Allen
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=c9bfd07 ]

DISPATCH-1741: Regenerated package-lock.json for console and updated yargs-parser. The previous
version of package-lock.json broke npm test


> Update console dependency for yargs-parser to avoid security warning
> --------------------------------------------------------------------
>
>                 Key: DISPATCH-1741
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1741
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Console
>    Affects Versions: 1.13.0
>            Reporter: Ernest Allen
>            Assignee: Ernest Allen
>            Priority: Major
>             Fix For: 1.13.0
>
>
> A new security vulnerability was identified with the released version of yargs-parser.
> The dependency path is
> react-scripts > webpack-dev-server > yargs > yargs-parser
> Since react-scripts has not been updated to require the version of yargs-parser that
fixes the vulnerability, the package-lock.json file needs to be updated manually to require
yargs-parser version 13.1.2
> See https://github.com/facebook/create-react-app/issues/9033 for a discussion on the
issue with react-scripts.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message