Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVEs in timezonemap package #76

Open
MichaelsJP opened this issue May 25, 2023 · 0 comments
Open

CVEs in timezonemap package #76

MichaelsJP opened this issue May 25, 2023 · 0 comments
Assignees
@aoles

Comments

@MichaelsJP
Copy link
Member

MichaelsJP commented May 25, 2023
edited
Loading

We use the https://github.com/dustin-johnson/timezonemap package. It is long abandoned and slowly picking up vulnerabilities. Either we find a replacement or fork and upgrade the relevant packages ourselves.

Doing PRs to the original repo seems not reasonable due to the devs' inactivity.

Vulnerabilities can be seen here: https://mvnrepository.com/artifact/us.dustinj.timezonemap/timezonemap/4.5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aoles aoles

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

76-cves-in-timezonemap-package GIScience/graphhopper
2 participants
@aoles @MichaelsJP