scality / Arsenal

Common utilities for the open-source Scality S3 project components
Apache License 2.0

multiple high and critical issues in `yarn audit` #1485

Open mrdowns opened 3 years ago

mrdowns commented 3 years ago

When running `yarn audit`, we noticed multiple high and critical issues that have patches available.

We also noticed multiple pull requests that were closed without merging, for example: https://github.com/scality/Arsenal/pull/1258

We're wondering if there's a reason for not merging in those patches, or if you plan to patch these vulnerabilities soon.

Thanks!

miniscruff commented 3 years ago

I have created an internal epic to track these issues to get these resolved as soon as possible. In terms of the PRs being closed without merging, I cannot say for sure, but we will probably have to close a few as we work through them manually.