comunica / jQuery-Widget.js

🖼 A jQuery widget to query heterogeneous interfaces using Comunica SPARQL
http://query.linkeddatafragments.org/
MIT License
19 stars 34 forks

this module requires vulnerable sub dependencies via deprecated yasgui-yasqe@2.11.22 dependency #114

Closed phivk closed 2 years ago

phivk commented 2 years ago

We deploy a web client generated via this module with some custom queries and settings; see this repo.

I noticed several Dependabot security alerts caused by this module's dependency yasgui-yasqe@2.11.22. When I checked its repo, I found out it is deprecated in favour of https://github.com/TriplyDB/Yasgui.

Not sure how straightforward it is to replace yasgui-yasqe with @triply/yasgui in terms of compatibility, but it seems desirable.

rubensworks commented 2 years ago

Oh, I wasn't aware of the package rename, thanks for reporting!

I guess this should be just a matter of renaming the usages of yasgui here. Feel free to submit a PR for it if you're up for it.

phivk commented 2 years ago

> I guess this should be just a matter of renaming the usages of yasgui here.

I am giving this a try but am running into some issues with importing the CSS. I will create a draft PR to discuss.

phivk commented 2 years ago

See this PR: https://github.com/comunica/jQuery-Widget.js/pull/116