Operational issues with umzug module #701
Comments
|
Please share which dependencies you think are a problem directly on the issue as text or a screenshot. There have been some issue spam/phishing attempts recently I've seen. Umzug is actively developed. |
|
Hi @mmkal ,
These are some of issue but not all dependency packages with issues:
|
|
This seems to be a bug on their end, the last release date is correct but commits have been merged in the last 12 months. Also; this is a bigger issue in the sector. Sometimes projects are feature complete and do not require regular releases. Therefore the risk is a false positive. Packages that do not have releases often might be more stable then packages that do |
|
That being said; we can do a check on the current dependencies that we use and see if we can update to the latest version |
|
I will take a look, but some of these might be coming from ts-command-line. Recently I've been developing trpc-cli which I think would be a good fit. It does have dependencies but no transitive ones. I agree that this report looks inaccurate but I am in favour of moving off ts-command-line anyway. |
Team,
I wanted to point out that Black Duck is flagging operational vulnerabilities with umzug due to a lack of active development. Please update the dependency packages to the latest versions.
Any updates or plans for future development would be greatly appreciated.
Please take a look below report from blackduck and upgrade dependency modules accordingly.
Black Duck.pdf
The text was updated successfully, but these errors were encountered: