DataONEorg / usgs-triplifier

Official triplification scripts for the USGS including GNIS-LD and NHD

Update Software #3

Closed ThomasThelen closed 3 years ago

ThomasThelen commented 3 years ago

There are a few software/libraries that should be updated.

GDAL 2.4.1

snyk shows a number of vulnerabilities up to GDAL 3.1.0. There's probably a low chance that this is an issue because the triplifier is only run so often, but still a weak point that should be hardened.

Node node:14-stretch

This is on the last leg of its lifetime and is currently in Maintenance mode. Although recent, we might as well replace it with an active version.

Completed in d72895b5bdff736c94f4bc0966cec7ee7291f7ec

minimist

Dependabot is warning us to upgrade this but isn't issuing a PR. We should update this manually. edit: After looking at this, it's a dependency of a dependency; the parent dependency doesn't have a later version with a fix. The issue looks to be on the lower severity (possible to crash the application).

There's an open pull request here that, if accepted, should fix this.

ThomasThelen commented 3 years ago

The security vulnerabilities above have been fixed in #5