Tracker: snyk security issues
ibgreen opened this issue · comments
Ib Green commented
Potential security issues (of various severity) reported by the snyk scanner run on an application built on loaders.gl.
- fast-xml-parser > 4.1.2 #2537 - Fixed in 3.4.9
- @xmldom/xmldom > 0.7.7 #2580 - Targeted for 3.4.10
- jpeg-js > 0.4.4. Indirect dependency, yarn.lock or kepler.gl resolution pin issue? -
- request: no resolution - used by jpeg-js. One possible solution is to replace jpeg-js with squoosh.
- qs - various resolutions for each minor version - At least for loaders, yarn.lock refresh should be sufficient.
- json-schema - this is just a dev dependency coming in through coveralls via ocular-dev-tools