Dependency thrift@0.10.0 has a vulnerable dependency on ws 0.4.3.2
density215 opened this issue · 1 comments
density215 commented
node-thrift2-hbase has a dependency on thrift@^0.10.0, this should probably be updated to thrift@^0.12.0 to avoid the dependency on ws 0.4.3.2 which has a high risk vulnerability.
eranbetzalel commented
Thanks, the thrift package was updated to version 0.12.