A dependency of rdf-parser-rdfa, green-turtle exports a tests directory which contains code that uses log4j 1.2. While dokieli never runs this code, in this PR, out of an abundance of caution, I am using an override pointing to fork of green-turtle which excludes the tests directory so that potentially vulnerable code is not pulled into the node_modules.
A dependency of
rdf-parser-rdfa,green-turtleexports atestsdirectory which contains code that uses log4j 1.2. While dokieli never runs this code, in this PR, out of an abundance of caution, I am using an override pointing to fork ofgreen-turtlewhich excludes thetestsdirectory so that potentially vulnerable code is not pulled into the node_modules.