[TEZ-4436] [TEZ-UI] uses many vulnerable libraries - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

TEZ-4337 might help to start.

I created a fork of tez in github and enabled dependabot (using security tab). Dozens of issues were found with NPMs that have known vulnerabilities.

Examples:

https://github.com/advisories/GHSA-jf85-cpcp-j695 (loadash)
https://github.com/advisories/GHSA-765h-qjxv-5f44 (handlebars)
https://github.com/advisories/GHSA-wc69-rhjr-hc9g (moment)
https://github.com/advisories/GHSA-xvch-5gv4-984h (minimist)
https://github.com/advisories/GHSA-34r7-q49f-h37c (uglify-js)
many more

Attachments

Issue Links

relates to

TEZ-4337 [TEZ UI] Upgrade to Ember 3

Open

TEZ-4419 Upgrade node and yarn version and fix npm security issues in Tez UI module

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Jul/22 16:19

Updated:: 19/Jul/22 19:03