bito-code-review[bot] commented on code in PR #37434:
URL: https://github.com/apache/superset/pull/37434#discussion_r2734368937


##########
docs/yarn.lock:
##########
@@ -8782,6 +9219,13 @@ js-yaml-loader@^1.2.2:
     loader-utils "^1.2.3"
     un-eval "^1.2.0"
 
[email protected]:
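
Review bot: The lock entry added directly after the js-yaml-loader@^1.2.2 block (7 new lines per the hunk header) arrives only through docs/yarn.lock, so nothing in this hunk shows which package requires it. Recording the `yarn why` output for the new entry in the PR, and adding a `resolutions` override in the docs package.json if the flagged release has to be moved, would let a reader check the scanner finding against the dependency tree.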

Review Comment:
   Your explanation aligns with the PR's changes: [email protected] is added as a 
transitive dependency via @apidevtools/json-schema-ref-parser, and the 
yarn.lock was regenerated after adding the OpenAPI docs plugins. The 
package.json constraint ^4.1.1 allows this version, and yarn resolves it based 
on the dependency tree. As for CVE-2025-64718, since it's not verified in the 
NVD, it could be a scanner false positive—consider checking official sources or 
updating the transitive dependency if possible.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

