
Mend scan shows some JavaScript vulnerabilities in feast package

Open abratnap opened this issue 7 months ago • 0 comments

Feast shows JavaScript vulnerabilities from Mend. These are coming from the ui package. I think this ui should be an optional dependency in feast and shouldn't be included without an extra install.

This is what is under the ui dir.

/site-packages/feast/ui
README.md    __init__.py  build        package.json public       src          yarn.lock

E.g. the report includes the vulnerabilities below.

CVE-2024-52798 CVE-2022-3517 CVE-2024-21538 CVE-2021-3803 CVE-2024-21536 CVE-2022-37603 CVE-2022-46175 CVE-2024-6484 CVE-2025-27789 CVE-2025-27789 CVE-2025-27789 CVE-2025-27789 CVE-2019-8331 CVE-2018-20677 CVE-2018-20676 CVE-2018-14042 CVE-2016-10735 CVE-2024-11831 CVE-2024-11831 CVE-2023-44270 CVE-2023-44270 CVE-2022-25883 CVE-2024-47764 CVE-2023-26115 CVE-2024-53382 CVE-2024-53382 CVE-2025-32997 CVE-2025-32996 CVE-2018-14040

abratnap, May 13 '25 18:05
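To confirm which installed Python packages ship JavaScript manifests like the `package.json` and `yarn.lock` in the listing above, a site-packages tree can be walked as in the following added example (not code from the issue or from feast). It assumes the scanner findings are driven by those manifest files; the function names, the sample tree, and the dependency names in it are constructed for illustration.

```python
import json
import os
import tempfile

# File names that SCA scanners commonly treat as JavaScript dependency manifests.
JS_MANIFESTS = {"package.json", "yarn.lock", "package-lock.json"}


def find_js_manifests(site_packages):
    """Map each top-level package directory to the JS manifests shipped inside it."""
    found = {}
    for root, dirs, files in os.walk(site_packages):
        # Installed node_modules trees are a separate finding; skip them here.
        dirs[:] = [d for d in dirs if d != "node_modules"]
        for name in sorted(files):
            if name in JS_MANIFESTS:
                rel = os.path.relpath(os.path.join(root, name), site_packages)
                top = rel.split(os.sep)[0]
                found.setdefault(top, []).append(rel.replace(os.sep, "/"))
    return {pkg: sorted(paths) for pkg, paths in found.items()}


def declared_js_deps(package_json_path):
    """Return the sorted dependency names a package.json declares."""
    with open(package_json_path, encoding="utf-8") as fh:
        data = json.load(fh)
    names = set()
    for key in ("dependencies", "devDependencies"):
        names.update(data.get(key, {}))
    return sorted(names)


def build_sample_tree(base):
    """Constructed sample: a fake site-packages with the layout from the listing."""
    ui = os.path.join(base, "feast", "ui")
    os.makedirs(os.path.join(ui, "build"))
    # Constructed dependency names and versions, not feast's real package.json.
    manifest = {"dependencies": {"example-lib": "1.0.0"},
                "devDependencies": {"example-tool": "2.0.0"}}
    with open(os.path.join(ui, "package.json"), "w", encoding="utf-8") as fh:
        json.dump(manifest, fh)
    for name in ("yarn.lock", "README.md", "__init__.py"):
        open(os.path.join(ui, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        print(find_js_manifests(root))
        print(declared_js_deps(os.path.join(root, "feast", "ui", "package.json")))
```

Pointing `find_js_manifests` at a real environment's site-packages directory lists every package whose wheel bundles such manifests, which helps separate findings in shipped source trees from findings in code the Python package actually executes.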