+1 (non-binding)
- Verified checksum and signature
- Build from source codes
- Verified pub/sub
Hideaki Oguni
Yahoo Japan Corp.
Hi Baodi,
I ran npm audit and it has detected the following vulnerabilities:
```
$ npm audit
# npm audit report
json5 <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method -
https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse
+1 (non-binding)
- verified checksums and signatures
- build from source
- verified pub/sub and java functions
- verified stateful functions
Hideaki Oguni
Yahoo Japan Corp.
E-mail: hog...@yahoo-corp.jp
-Original Message-
From: PengHui Li
Reply-To: "dev@pulsar.apache.org"
Date: Sunday,
+1 (non-binding)
- verified checksum and signature
- verified pub/sub
I used
https://dist.apache.org/repos/dist/dev/pulsar/KEYS
to verify signature
because
https://dist.apache.org/repos/dist/release/pulsar/KEYS
does not contain Chris's KEY.
Hideaki Oguni
Yahoo Japan Corp.
E-mail: hog...@yahoo-c
+1 (non-binding)
- verified checksums and signatures
- build from source
- verified pub/sub and java functions
- verified connectors
- verified stateful functions
Hideaki Oguni
Yahoo Japan Corp.
E-mail: hog...@yahoo-corp.jp
-Original Message-
From: Enrico Olivelli
Reply-To: "dev@pulsar
+1 (non-binding)
- verified checksums and signatures
- build from source
- verified pub/sub and java functions
- verified connectors
- verified stateful functions
Hideaki Oguni
Yahoo Japan Corp.
E-mail: hog...@yahoo-corp.jp
-Original Message-
From: Enrico Olivelli
Reply-To: "dev@pulsar
