Giters

weld-project / weld

High-performance runtime for data analytics applications

Home Page:https://www.weld.rs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Bump framework versions in Weld probe core

mnriem opened this issue · comments

commented

weld-probe-core-5.0.1.Final.jar should bump the versions of the below mentioned frameworks to resolve the CVEs where possible.

probe.js (pkg:javascript/bootstrap@3.3.1, pkg:javascript/jquery@2.1.1, pkg:javascript/moment.js@2.8.4) : CVE-2017-18214, CVE-2022-24785, CVE-2015-9251, CVE-2016-10735, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, Regular Expression Denial of Service (ReDoS), reDOS - regular expression denial of service