[GitHub] [airflow] bbovenzi opened a new pull request #21526: Fix all High Severity npm vulnerabilities

[GitBox]

bbovenzi opened a new pull request #21526:
URL: https://github.com/apache/airflow/pull/21526


   I went through `yarn audit` on `airflow/www` again and found a number of 
vulnerabilities that we can fix easily with updates, resolutions or removing 
that package. Some other fixes would require more work to migrate to a major 
version change or to remove entirely.
   
   |Before |After |
   --- | --- |
   |<img width="349" alt="Screen Shot 2022-02-11 at 1 26 06 PM" 
src="https://user-images.githubusercontent.com/4600967/153649162-911b1898-864a-45bf-9c56-9a9d3b1dd1ad.png";>|<img
 width="352" alt="Screen Shot 2022-02-11 at 1 13 41 PM" 
src="https://user-images.githubusercontent.com/4600967/153649382-13853548-1725-418b-8e3f-5590d3e07428.png";>|
   
   
   ---
   **^ Add meaningful description above**
   
   Read the **[Pull Request 
Guidelines](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#pull-request-guidelines)**
 for more information.
   In case of fundamental code change, Airflow Improvement Proposal 
([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals))
 is needed.
   In case of a new dependency, check compliance with the [ASF 3rd Party 
License Policy](https://www.apache.org/legal/resolved.html#category-x).
   In case of backwards incompatible changes please leave a note in 
[UPDATING.md](https://github.com/apache/airflow/blob/main/UPDATING.md).
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org