[DISPATCH-1741] Update console dependency for yargs-parser to avoid security warning - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.13.0
Fix Version/s: 1.13.0
Component/s: Console
Labels:
None

Description

A new security vulnerability was identified with the released version of yargs-parser.
The dependency path is
react-scripts > webpack-dev-server > yargs > yargs-parser

Since react-scripts has not been updated to require the version of yargs-parser that fixes the vulnerability, the package-lock.json file needs to be updated manually to require yargs-parser version 13.1.2

See https://github.com/facebook/create-react-app/issues/9033 for a discussion on the issue with react-scripts.

Attachments

Activity

People

Assignee:: Ernest Allen

Reporter:: Ernest Allen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Aug/20 14:52

Updated:: 18/Aug/20 01:01

Resolved:: 04/Aug/20 14:58