[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Status of texinfo/js/yarn.lock ?
|
From: |
Hilmar Preuße |
|
Subject: |
Re: Status of texinfo/js/yarn.lock ? |
|
Date: |
Tue, 15 Nov 2022 21:22:36 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 |
Am 13.11.2022 um 10:43 teilte Gavin Smith mit:
On Sun, Nov 13, 2022 at 10:22:23AM +0100, Hilmar Preuße wrote:
Hi,
hopefully this is not a FAQ, but I found nothing in the archive.
What is the status of the code sitting in subdir "js"? To me this code
looks quite unmaintained. I'm just asking, b/c the dependabot [1]
reports a lot of vulnerabilities in js/yarn.lock.
[1] https://github.com/debian-tex/texinfo/security/dependabot
That page reports a 404.
Probably b/c you were not logged in into github. Sorry, I wasn't aware
of this.
I'm aware that the are
mostly sitting in external referenced modules.
Does that mean that those modules need to be fixed (not our problem),
or that our module references need to be updated somehow?
AFAI understood the bot complains about references to vulnerable module
versions. I noticed that you removed the files today, so the issue
should be solved.
Many thanks,
Hilmar
--
sigfault
- Status of texinfo/js/yarn.lock ?, Hilmar Preuße, 2022/11/13
- Re: info.js demo on Texinfo manual updated on website, Per Bothner, 2022/11/18
- Re: info.js demo on Texinfo manual updated on website, Patrice Dumas, 2022/11/19
- Re: info.js demo on Texinfo manual updated on website, Gavin Smith, 2022/11/27
- Re: info.js demo on Texinfo manual updated on website, Per Bothner, 2022/11/27
- Re: info.js demo on Texinfo manual updated on website, Per Bothner, 2022/11/27