Dependency thrift@0.10.0 has a vulnerable dependency on ws 0.4.3.2

Question

Dependency thrift@0.10.0 has a vulnerable dependency on ws 0.4.3.2

density215 opened this issue 6 years ago · 1 comments

node-thrift2-hbase has a dependency on thrift@^0.10.0, this should probably be updated to thrift@^0.12.0 to avoid the dependency on ws 0.4.3.2 which has a high risk vulnerability.

Answer 1 · 2019-03-04T17:41:08.000Z

Thanks, the thrift package was updated to version 0.12.