mcgilman pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 64e88f6938 NIFI-15444 - Address dependabot alert: qs's arrayLimit
bypass in its bracket notation allows DoS via memory exhaustion (#10747)
64e88f6938 is described below
commit 64e88f69383b5cae41572afe1e06e5c1b1fa5276
Author: Rob Fellows <[email protected]>
AuthorDate: Thu Jan 8 17:14:28 2026 -0500
NIFI-15444 - Address dependabot alert: qs's arrayLimit bypass in its
bracket notation allows DoS via memory exhaustion (#10747)
---
nifi-frontend/src/main/frontend/package-lock.json | 135 ++++++++++++++--------
1 file changed, 88 insertions(+), 47 deletions(-)
diff --git a/nifi-frontend/src/main/frontend/package-lock.json
b/nifi-frontend/src/main/frontend/package-lock.json
index fa8e927906..714dd45903 100644
--- a/nifi-frontend/src/main/frontend/package-lock.json
+++ b/nifi-frontend/src/main/frontend/package-lock.json
@@ -806,19 +806,19 @@
}
},
"node_modules/@angular/cli": {
- "version": "20.3.13",
- "resolved":
"https://registry.npmjs.org/@angular/cli/-/cli-20.3.13.tgz",
- "integrity":
"sha512-G78I/HDJULloS2LSqfUfbmBlhDCbcWujIRWfuMnGsRf82TyGA2OEPe3IA/F8MrJfeOzPQim2fMyn24MqHL40Vg==",
+ "version": "20.3.14",
+ "resolved":
"https://registry.npmjs.org/@angular/cli/-/cli-20.3.14.tgz",
+ "integrity":
"sha512-vlvnxyUtPnETl5az+creSPOrcnrZC5mhD5hSGl2WoqhYeyWdyUwsC9KLSy8/5gCH/4TNwtjqeX3Pw0KaAJUoCQ==",
"dev": true,
"license": "MIT",
"dependencies": {
- "@angular-devkit/architect": "0.2003.13",
- "@angular-devkit/core": "20.3.13",
- "@angular-devkit/schematics": "20.3.13",
+ "@angular-devkit/architect": "0.2003.14",
+ "@angular-devkit/core": "20.3.14",
+ "@angular-devkit/schematics": "20.3.14",
"@inquirer/prompts": "7.8.2",
"@listr2/prompt-adapter-inquirer": "3.0.1",
- "@modelcontextprotocol/sdk": "1.24.0",
- "@schematics/angular": "20.3.13",
+ "@modelcontextprotocol/sdk": "1.25.2",
+ "@schematics/angular": "20.3.14",
"@yarnpkg/lockfile": "1.1.0",
"algoliasearch": "5.35.0",
"ini": "5.0.0",
@@ -841,13 +841,13 @@
}
},
"node_modules/@angular/cli/node_modules/@angular-devkit/architect": {
- "version": "0.2003.13",
- "resolved":
"https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.2003.13.tgz",
- "integrity":
"sha512-JyH6Af6PNC1IHJToColFk1RaXDU87mpPjz7M5sWDfn8bC+KBipw6dSdRkCEuw0D9HY1lZkC9EBV9k9GhpvHjCQ==",
+ "version": "0.2003.14",
+ "resolved":
"https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.2003.14.tgz",
+ "integrity":
"sha512-dVlWqaYu0PIgHTBu16uYUS6lJOIpXCpOYhPWuYwqdo7a4x2HcagPQ+omUZJTA6kukh7ROpKcRoiy/DsO/DgvUA==",
"dev": true,
"license": "MIT",
"dependencies": {
- "@angular-devkit/core": "20.3.13",
+ "@angular-devkit/core": "20.3.14",
"rxjs": "7.8.2"
},
"engines": {
@@ -857,9 +857,9 @@
}
},
"node_modules/@angular/cli/node_modules/@angular-devkit/core": {
- "version": "20.3.13",
- "resolved":
"https://registry.npmjs.org/@angular-devkit/core/-/core-20.3.13.tgz",
- "integrity":
"sha512-/D84T1Caxll3I2sRihPDR9UaWBhF50M+tAX15PdP6uSh/TxwAlLl9p7Rm1bD0mPjPercqaEKA+h9a9qLP16hug==",
+ "version": "20.3.14",
+ "resolved":
"https://registry.npmjs.org/@angular-devkit/core/-/core-20.3.14.tgz",
+ "integrity":
"sha512-hWQVi73aGdIRInJqNia79Yi6SzqEThkfLug3AdZiNuNvYMaxAI347yPQz4f3Dr/i0QuiqRq/T8zfqbr46tfCqg==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -885,13 +885,13 @@
}
},
"node_modules/@angular/cli/node_modules/@angular-devkit/schematics": {
- "version": "20.3.13",
- "resolved":
"https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-20.3.13.tgz",
- "integrity":
"sha512-hdMKY4rUTko8xqeWYGnwwDYDomkeOoLsYsP6SdaHWK7hpGvzWsT6Q/aIv8J8NrCYkLu+M+5nLiKOooweUZu3GQ==",
+ "version": "20.3.14",
+ "resolved":
"https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-20.3.14.tgz",
+ "integrity":
"sha512-+Al9QojzTucccSUnJI+9x64Nnuev82eIgIlb1Ov9hLR572SNtjhV7zIXIalphFghEy+SPvynRuvOSc69Otp3Fg==",
"dev": true,
"license": "MIT",
"dependencies": {
- "@angular-devkit/core": "20.3.13",
+ "@angular-devkit/core": "20.3.14",
"jsonc-parser": "3.3.1",
"magic-string": "0.30.17",
"ora": "8.2.0",
@@ -904,14 +904,14 @@
}
},
"node_modules/@angular/cli/node_modules/@schematics/angular": {
- "version": "20.3.13",
- "resolved":
"https://registry.npmjs.org/@schematics/angular/-/angular-20.3.13.tgz",
- "integrity":
"sha512-ETJ1budKmrkdxojo5QP6TPr6zQZYGxtWWf8NrX1cBIS851zPCmFkKyhSFLZsoksariYF/LP8ljvm8tlcIzt/XA==",
+ "version": "20.3.14",
+ "resolved":
"https://registry.npmjs.org/@schematics/angular/-/angular-20.3.14.tgz",
+ "integrity":
"sha512-JO37puMXFWN8YWqZZJ/URs8vPJNszZXcIyBnYdKDWTGaAnbOZMu0nzQlOC+h5NM7R5cPQtOpJv0wxEnY6EYI4A==",
"dev": true,
"license": "MIT",
"dependencies": {
- "@angular-devkit/core": "20.3.13",
- "@angular-devkit/schematics": "20.3.13",
+ "@angular-devkit/core": "20.3.14",
+ "@angular-devkit/schematics": "20.3.14",
"jsonc-parser": "3.3.1"
},
"engines": {
@@ -3975,6 +3975,19 @@
"jest-util": ">=25.0.0"
}
},
+ "node_modules/@hono/node-server": {
+ "version": "1.19.7",
+ "resolved":
"https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.7.tgz",
+ "integrity":
"sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw==",
+ "dev": true,
+ "license": "MIT",
+ "engines": {
+ "node": ">=18.14.1"
+ },
+ "peerDependencies": {
+ "hono": "^4"
+ }
+ },
"node_modules/@humanwhocodes/config-array": {
"version": "0.11.14",
"resolved":
"https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz",
@@ -6357,12 +6370,13 @@
}
},
"node_modules/@modelcontextprotocol/sdk": {
- "version": "1.24.0",
- "resolved":
"https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.24.0.tgz",
- "integrity":
"sha512-D8h5KXY2vHFW8zTuxn2vuZGN0HGrQ5No6LkHwlEA9trVgNdPL3TF1dSqKA7Dny6BbBYKSW/rOBDXdC8KJAjUCg==",
+ "version": "1.25.2",
+ "resolved":
"https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.25.2.tgz",
+ "integrity":
"sha512-LZFeo4F9M5qOhC/Uc1aQSrBHxMrvxett+9KLHt7OhcExtoiRN9DKgbZffMP/nxjutWDQpfMDfP3nkHI4X9ijww==",
"dev": true,
"license": "MIT",
"dependencies": {
+ "@hono/node-server": "^1.19.7",
"ajv": "^8.17.1",
"ajv-formats": "^3.0.1",
"content-type": "^1.0.5",
@@ -6373,6 +6387,7 @@
"express": "^5.0.1",
"express-rate-limit": "^7.5.0",
"jose": "^6.1.1",
+ "json-schema-typed": "^8.0.2",
"pkce-challenge": "^5.0.0",
"raw-body": "^3.0.0",
"zod": "^3.25 || ^4.0",
@@ -14443,9 +14458,9 @@
}
},
"node_modules/body-parser": {
- "version": "2.2.1",
- "resolved":
"https://registry.npmjs.org/body-parser/-/body-parser-2.2.1.tgz",
- "integrity":
"sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw==",
+ "version": "2.2.2",
+ "resolved":
"https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz",
+ "integrity":
"sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -14455,7 +14470,7 @@
"http-errors": "^2.0.0",
"iconv-lite": "^0.7.0",
"on-finished": "^2.4.1",
- "qs": "^6.14.0",
+ "qs": "^6.14.1",
"raw-body": "^3.0.1",
"type-is": "^2.0.1"
},
@@ -20024,6 +20039,17 @@
"node": ">=0.10.0"
}
},
+ "node_modules/hono": {
+ "version": "4.11.3",
+ "resolved": "https://registry.npmjs.org/hono/-/hono-4.11.3.tgz",
+ "integrity":
"sha512-PmQi306+M/ct/m5s66Hrg+adPnkD5jiO6IjA7WhWw0gSBSo1EcRegwuI1deZ+wd5pzCGynCcn2DprnE4/yEV4w==",
+ "dev": true,
+ "license": "MIT",
+ "peer": true,
+ "engines": {
+ "node": ">=16.9.0"
+ }
+ },
"node_modules/hosted-git-info": {
"version": "9.0.2",
"resolved":
"https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-9.0.2.tgz",
@@ -24899,6 +24925,13 @@
"dev": true,
"license": "MIT"
},
+ "node_modules/json-schema-typed": {
+ "version": "8.0.2",
+ "resolved":
"https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz",
+ "integrity":
"sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==",
+ "dev": true,
+ "license": "BSD-2-Clause"
+ },
"node_modules/json-stable-stringify-without-jsonify": {
"version": "1.0.1",
"resolved":
"https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
@@ -29293,9 +29326,9 @@
"license": "MIT"
},
"node_modules/qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity":
"sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
+ "version": "6.14.1",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+ "integrity":
"sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
"dev": true,
"license": "BSD-3-Clause",
"dependencies": {
@@ -30562,26 +30595,30 @@
}
},
"node_modules/send": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/send/-/send-1.2.0.tgz",
- "integrity":
"sha512-uaW0WwXKpL9blXE2o0bRhoL2EGXIrZxQ2ZQ4mgcfoBxdFmQold+qWsD2jLrfZ0trjKL6vOw0j//eAwcALFjKSw==",
+ "version": "1.2.1",
+ "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz",
+ "integrity":
"sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==",
"dev": true,
"license": "MIT",
"dependencies": {
- "debug": "^4.3.5",
+ "debug": "^4.4.3",
"encodeurl": "^2.0.0",
"escape-html": "^1.0.3",
"etag": "^1.8.1",
"fresh": "^2.0.0",
- "http-errors": "^2.0.0",
- "mime-types": "^3.0.1",
+ "http-errors": "^2.0.1",
+ "mime-types": "^3.0.2",
"ms": "^2.1.3",
"on-finished": "^2.4.1",
"range-parser": "^1.2.1",
- "statuses": "^2.0.1"
+ "statuses": "^2.0.2"
},
"engines": {
"node": ">= 18"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
}
},
"node_modules/serialize-javascript": {
@@ -30728,9 +30765,9 @@
}
},
"node_modules/serve-static": {
- "version": "2.2.0",
- "resolved":
"https://registry.npmjs.org/serve-static/-/serve-static-2.2.0.tgz",
- "integrity":
"sha512-61g9pCh0Vnh7IutZjtLGGpTA355+OPn2TyDv/6ivP2h/AdAVX9azsoxmg2/M6nZeQZNYBEwIcsne1mJd9oQItQ==",
+ "version": "2.2.1",
+ "resolved":
"https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz",
+ "integrity":
"sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -30741,6 +30778,10 @@
},
"engines": {
"node": ">= 18"
+ },
+ "funding": {
+ "type": "opencollective",
+ "url": "https://opencollective.com/express"
}
},
"node_modules/setprototypeof": {
@@ -34622,9 +34663,9 @@
}
},
"node_modules/zod-to-json-schema": {
- "version": "3.25.0",
- "resolved":
"https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.0.tgz",
- "integrity":
"sha512-HvWtU2UG41LALjajJrML6uQejQhNJx+JBO9IflpSja4R03iNWfKXrj6W2h7ljuLyc1nKS+9yDyL/9tD1U/yBnQ==",
+ "version": "3.25.1",
+ "resolved":
"https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.1.tgz",
+ "integrity":
"sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA==",
"dev": true,
"license": "ISC",
"peerDependencies": {