graphhopper icon indicating copy to clipboard operation
graphhopper copied to clipboard
verified publisher icon GIScience

CVEs in timezonemap package

Open MichaelsJP opened this issue 2 years ago • 0 comments

We use the https://github.com/dustin-johnson/timezonemap package. It is long abandoned and slowly picking up vulnerabilities. Either we find a replacement or fork and upgrade the relevant packages ourselves.

Doing PRs to the original repo seems not reasonable due to the devs' inactivity.

Vulnerabilities can be seen here: https://mvnrepository.com/artifact/us.dustinj.timezonemap/timezonemap/4.5

MichaelsJP avatar May 25 '23 11:05 MichaelsJP