Whenever I push I commit to github it warns that there are lots of vulnerabilities in dependencies. When I look at those mostly they are in .js files pulled in by the yarn ui.
Is there any active work keeping these dependencies up to date? I am thinking of doing a new hadoop release this summer off branch-3.3, it would be really good to not have these known vulnerabilities in. steve
