h2oai / h2o-3

H2O is an Open Source, Distributed, Fast & Scalable Machine Learning Platform: Deep Learning, Gradient Boosting (GBM) & XGBoost, Random Forest, Generalized Linear Modeling (GLM with Elastic Net), K-Means, PCA, Generalized Additive Models (GAM), RuleFit, Support Vector Machine (SVM), Stacked Ensembles, Automatic Machine Learning (AutoML), etc.
http://h2o.ai
Apache License 2.0
6.89k stars 1.99k forks

Multiple javascript library versions with security vulnerabilities in h2o-core #8070

Open exalate-issue-sync[bot] opened 1 year ago

exalate-issue-sync[bot] commented 1 year ago

We are using h2o-core, version 3.28.1.2, and on a security scan we are finding that the produced jar contains javascript libraries which have open security issues. The list is as follows:

- moment 2.2.1
- jquery 1.8.3
- org.webjars bootstrap 2.3.1
- org.webjars typeahead.js 0.9.3

I was unable to see in the code where these dependencies were coming in.

Could these dependencies be updated?
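An added example, not part of the original issue and not h2o code: one way to locate where bundled JavaScript libraries sit inside a jar is to walk its entries and recover a library name and version from the WebJars path convention, the file name, or a leading banner comment. The jar built in `sample_jar()` is constructed for illustration and its paths are assumptions, not h2o-core's actual layout.

```python
import io
import re
import zipfile

# Library versions named in the issue's scan findings.
FLAGGED = {"moment": "2.2.1", "jquery": "1.8.3",
           "bootstrap": "2.3.1", "typeahead.js": "0.9.3"}
LIBS = "|".join(re.escape(n) for n in FLAGGED)
VER = r"(\d+\.\d+\.\d+)"

# WebJars convention: META-INF/resources/webjars/<name>/<version>/...
WEBJAR = re.compile(rf"META-INF/resources/webjars/({LIBS})/{VER}/", re.I)
# Version carried in the file name, e.g. jquery-1.8.3.min.js
FILENAME = re.compile(rf"(?:^|/)({LIBS})[-_.]v?{VER}(?:\.min)?\.js$", re.I)
# Version in a banner comment: library name, then a version within 40 bytes.
BANNER = re.compile(rf"({LIBS})\b[^;{{}}]{{0,40}}?{VER}".encode(), re.I)


def inventory(jar):
    """Return (entry, library, version, flagged) for each recognised .js entry."""
    found = []
    with zipfile.ZipFile(jar) as zf:
        for entry in zf.namelist():
            if not entry.lower().endswith(".js"):
                continue
            m = WEBJAR.search(entry) or FILENAME.search(entry)
            if m:
                name, ver = m.group(1), m.group(2)
            else:
                # Fall back to the first 512 bytes of the file body.
                with zf.open(entry) as fh:
                    b = BANNER.search(fh.read(512))
                if not b:
                    continue
                name, ver = b.group(1).decode(), b.group(2).decode()
            name = name.lower()
            found.append((entry, name, ver, FLAGGED.get(name) == ver))
    return found


def sample_jar():
    """Constructed jar; entry paths and file bodies are illustrative only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("www/js/jquery-1.8.3.min.js", "/* constructed */")
        zf.writestr("META-INF/resources/webjars/bootstrap/2.3.1/js/bootstrap.js", "")
        zf.writestr("www/js/moment.min.js", "// moment.js\n// version : 2.2.1\n")
        zf.writestr("www/js/typeahead.js", "/*! typeahead.js 0.0.0 (constructed) */")
        zf.writestr("www/js/app.js", "var x = 1;")
    buf.seek(0)
    return buf
```

`inventory()` also accepts a path to a jar on disk. It matches by name and version string only, so a renamed or concatenated file with no banner will not be reported.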

h2o-ops commented 1 year ago

JIRA Issue Migration Info

Jira Issue: PUBDEV-7568
Assignee: New H2O Bugs
Reporter: Ben Everest
State: Open
Fix Version: N/A
Attachments: N/A
Development PRs: N/A