saml icon indicating copy to clipboard operation
saml copied to clipboard
verified publisher icon crewjam

[Update Request] Update Project EOL component github.com/beevik/etree:v1.1.0

Open anurag-deshpande opened this issue 1 year ago • 0 comments

[Problem Description] We are consuming crewjam/saml version 0.4.14, which is latest as of date. This package is scanned for security vulnerabilities and EOLs by blackduck scanner at our source.

The blackduck scanner has identified a Project EOL component, github.com/beevik/etree:v1.1.0, which is a transitive dependency of crewjam/saml version 0.4.14. This project is not maintained and thus EOLed much earlier.

[Request] We wish to consume all the dependencies which are non-EOLed, to maintain good coding practices. Can this EOLed component be updated by crewjam contributors or replaced with some alternative with similar functionality, to reduce the EOL risk?

Let me know if any more information is needed for this issue.

anurag-deshpande avatar Apr 02 '24 09:04 anurag-deshpande