This is an automated email from the ASF dual-hosted git repository.
yangjie01 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new a5dde0170c6c [SPARK-51546][TESTS] Fix npm vulnerabilities by `npm
audit fix`
a5dde0170c6c is described below
commit a5dde0170c6c24d9c6563b149b7bac439d2cb865
Author: yangjie01 <yangji...@baidu.com>
AuthorDate: Wed Mar 19 11:05:01 2025 +0800
[SPARK-51546][TESTS] Fix npm vulnerabilities by `npm audit fix`
### What changes were proposed in this pull request?
This pr fix the following npm vulnerabilities by `npm audit fix`:
```
# npm audit report
babel/helpers <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace
when transpiling named capturing groups -
https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/babel/helpers
cross-spawn 7.0.0 - 7.0.4
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn -
https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/cross-spawn
micromatch <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch -
https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch
3 vulnerabilities (2 moderate, 1 high)
To address all issues, run:
npm audit fix
```
### Why are the changes needed?
Fix npm vulnerabilities
### Does this PR introduce _any_ user-facing change?
No
### How was this patch tested?
- Pass GitHub Actions
- Locally check:
```
cd ui-test
npm install --save-dev
node --experimental-vm-modules node_modules/.bin/jest
```
then
```
npm install --save-dev
added 328 packages, and audited 329 packages in 935ms
34 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
(base) yangjie01MacBook-Pro ui-test % git stauts
git: 'stauts' is not a git command. See 'git --help'.
The most similar command is
status
(base) yangjie01MacBook-Pro ui-test % node --experimental-vm-modules
node_modules/.bin/jest
(node:30602) ExperimentalWarning: VM Modules is an experimental feature and
might change at any time
(Use `node --trace-warnings ...` to show where the warning was created)
PASS tests/flamegraph.test.js
PASS tests/structured-streaming-page.test.js
PASS tests/utils.test.js
Test Suites: 3 passed, 3 total
Tests: 9 passed, 9 total
Snapshots: 0 total
Time: 0.691 s, estimated 1 s
Ran all test suites.
```
### Was this patch authored or co-authored using generative AI tooling?
No
Closes #50309 from LuciferYang/npm-audit-fix.
Authored-by: yangjie01 <yangji...@baidu.com>
Signed-off-by: yangjie01 <yangji...@baidu.com>
---
ui-test/package-lock.json | 255 ++++++++++------------------------------------
1 file changed, 51 insertions(+), 204 deletions(-)
diff --git a/ui-test/package-lock.json b/ui-test/package-lock.json
index f6c2adab3b01..31343ca4ef83 100644
--- a/ui-test/package-lock.json
+++ b/ui-test/package-lock.json
@@ -26,89 +26,20 @@
}
},
"node_modules/@babel/code-frame": {
- "version": "7.22.13",
- "resolved":
"https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.22.13.tgz";,
- "integrity":
"sha512-XktuhWlJ5g+3TJXc5upd9Ks1HutSArik6jf2eAjYFyIOf4ej3RN+184cZbzDvbPnuTJIUhPKKJE3cIsYTiAT3w==",
+ "version": "7.26.2",
+ "resolved":
"https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz";,
+ "integrity":
"sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "@babel/highlight": "^7.22.13",
- "chalk": "^2.4.2"
+ "@babel/helper-validator-identifier": "^7.25.9",
+ "js-tokens": "^4.0.0",
+ "picocolors": "^1.0.0"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/code-frame/node_modules/ansi-styles": {
- "version": "3.2.1",
- "resolved":
"https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz";,
- "integrity":
"sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
- "dev": true,
- "dependencies": {
- "color-convert": "^1.9.0"
- },
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/code-frame/node_modules/chalk": {
- "version": "2.4.2",
- "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz";,
- "integrity":
"sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
- "dev": true,
- "dependencies": {
- "ansi-styles": "^3.2.1",
- "escape-string-regexp": "^1.0.5",
- "supports-color": "^5.3.0"
- },
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/code-frame/node_modules/color-convert": {
- "version": "1.9.3",
- "resolved":
"https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz";,
- "integrity":
"sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
- "dev": true,
- "dependencies": {
- "color-name": "1.1.3"
- }
- },
- "node_modules/@babel/code-frame/node_modules/color-name": {
- "version": "1.1.3",
- "resolved":
"https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz";,
- "integrity":
"sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
- "dev": true
- },
- "node_modules/@babel/code-frame/node_modules/escape-string-regexp": {
- "version": "1.0.5",
- "resolved":
"https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz";,
- "integrity":
"sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
- "dev": true,
- "engines": {
- "node": ">=0.8.0"
- }
- },
- "node_modules/@babel/code-frame/node_modules/has-flag": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz";,
- "integrity":
"sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
- "dev": true,
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/code-frame/node_modules/supports-color": {
- "version": "5.5.0",
- "resolved":
"https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz";,
- "integrity":
"sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
- "dev": true,
- "dependencies": {
- "has-flag": "^3.0.0"
- },
- "engines": {
- "node": ">=4"
- }
- },
"node_modules/@babel/compat-data": {
"version": "7.23.3",
"resolved":
"https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.23.3.tgz";,
@@ -278,19 +209,21 @@
}
},
"node_modules/@babel/helper-string-parser": {
- "version": "7.22.5",
- "resolved":
"https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.22.5.tgz";,
- "integrity":
"sha512-mM4COjgZox8U+JcXQwPijIZLElkgEpO5rsERVDJTc2qfCDfERyob6k5WegS14SX18IIjv+XD+GrqNumY5JRCDw==",
+ "version": "7.25.9",
+ "resolved":
"https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz";,
+ "integrity":
"sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
"dev": true,
+ "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
},
"node_modules/@babel/helper-validator-identifier": {
- "version": "7.22.20",
- "resolved":
"https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz";,
- "integrity":
"sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==",
+ "version": "7.25.9",
+ "resolved":
"https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz";,
+ "integrity":
"sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
"dev": true,
+ "license": "MIT",
"engines": {
"node": ">=6.9.0"
}
@@ -305,109 +238,28 @@
}
},
"node_modules/@babel/helpers": {
- "version": "7.23.2",
- "resolved":
"https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.2.tgz";,
- "integrity":
"sha512-lzchcp8SjTSVe/fPmLwtWVBFC7+Tbn8LGHDVfDp9JGxpAY5opSaEFgt8UQvrnECWOTdji2mOWMz1rOhkHscmGQ==",
- "dev": true,
- "dependencies": {
- "@babel/template": "^7.22.15",
- "@babel/traverse": "^7.23.2",
- "@babel/types": "^7.23.0"
- },
- "engines": {
- "node": ">=6.9.0"
- }
- },
- "node_modules/@babel/highlight": {
- "version": "7.22.20",
- "resolved":
"https://registry.npmjs.org/@babel/highlight/-/highlight-7.22.20.tgz";,
- "integrity":
"sha512-dkdMCN3py0+ksCgYmGG8jKeGA/8Tk+gJwSYYlFGxG5lmhfKNoAy004YpLxpS1W2J8m/EK2Ew+yOs9pVRwO89mg==",
+ "version": "7.26.10",
+ "resolved":
"https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz";,
+ "integrity":
"sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "@babel/helper-validator-identifier": "^7.22.20",
- "chalk": "^2.4.2",
- "js-tokens": "^4.0.0"
+ "@babel/template": "^7.26.9",
+ "@babel/types": "^7.26.10"
},
"engines": {
"node": ">=6.9.0"
}
},
- "node_modules/@babel/highlight/node_modules/ansi-styles": {
- "version": "3.2.1",
- "resolved":
"https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz";,
- "integrity":
"sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
- "dev": true,
- "dependencies": {
- "color-convert": "^1.9.0"
- },
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/highlight/node_modules/chalk": {
- "version": "2.4.2",
- "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz";,
- "integrity":
"sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
- "dev": true,
- "dependencies": {
- "ansi-styles": "^3.2.1",
- "escape-string-regexp": "^1.0.5",
- "supports-color": "^5.3.0"
- },
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/highlight/node_modules/color-convert": {
- "version": "1.9.3",
- "resolved":
"https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz";,
- "integrity":
"sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
- "dev": true,
- "dependencies": {
- "color-name": "1.1.3"
- }
- },
- "node_modules/@babel/highlight/node_modules/color-name": {
- "version": "1.1.3",
- "resolved":
"https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz";,
- "integrity":
"sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==",
- "dev": true
- },
- "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
- "version": "1.0.5",
- "resolved":
"https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz";,
- "integrity":
"sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
- "dev": true,
- "engines": {
- "node": ">=0.8.0"
- }
- },
- "node_modules/@babel/highlight/node_modules/has-flag": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz";,
- "integrity":
"sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
- "dev": true,
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/highlight/node_modules/supports-color": {
- "version": "5.5.0",
- "resolved":
"https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz";,
- "integrity":
"sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+ "node_modules/@babel/parser": {
+ "version": "7.26.10",
+ "resolved":
"https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz";,
+ "integrity":
"sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "has-flag": "^3.0.0"
+ "@babel/types": "^7.26.10"
},
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/@babel/parser": {
- "version": "7.23.3",
- "resolved":
"https://registry.npmjs.org/@babel/parser/-/parser-7.23.3.tgz";,
- "integrity":
"sha512-uVsWNvlVsIninV2prNz/3lHCb+5CJ+e+IUBfbjToAHODtfGYLfCFuY4AU7TskI+dAKk+njsPiBjq1gKTvZOBaw==",
- "dev": true,
"bin": {
"parser": "bin/babel-parser.js"
},
@@ -593,14 +445,15 @@
}
},
"node_modules/@babel/template": {
- "version": "7.22.15",
- "resolved":
"https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz";,
- "integrity":
"sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==",
+ "version": "7.26.9",
+ "resolved":
"https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz";,
+ "integrity":
"sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "@babel/code-frame": "^7.22.13",
- "@babel/parser": "^7.22.15",
- "@babel/types": "^7.22.15"
+ "@babel/code-frame": "^7.26.2",
+ "@babel/parser": "^7.26.9",
+ "@babel/types": "^7.26.9"
},
"engines": {
"node": ">=6.9.0"
@@ -628,14 +481,14 @@
}
},
"node_modules/@babel/types": {
- "version": "7.23.3",
- "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.3.tgz";,
- "integrity":
"sha512-OZnvoH2l8PK5eUvEcUyCt/sXgr/h+UWpVuBbOljwcrAgUl6lpchoQ++PHGyQy1AtYnVA6CEq3y5xeEI10brpXw==",
+ "version": "7.26.10",
+ "resolved":
"https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz";,
+ "integrity":
"sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "@babel/helper-string-parser": "^7.22.5",
- "@babel/helper-validator-identifier": "^7.22.20",
- "to-fast-properties": "^2.0.0"
+ "@babel/helper-string-parser": "^7.25.9",
+ "@babel/helper-validator-identifier": "^7.25.9"
},
"engines": {
"node": ">=6.9.0"
@@ -1628,10 +1481,11 @@
}
},
"node_modules/cross-spawn": {
- "version": "7.0.3",
- "resolved":
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz";,
- "integrity":
"sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+ "version": "7.0.6",
+ "resolved":
"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz";,
+ "integrity":
"sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
"dev": true,
+ "license": "MIT",
"dependencies": {
"path-key": "^3.1.0",
"shebang-command": "^2.0.0",
@@ -3078,7 +2932,8 @@
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz";,
"integrity":
"sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
- "dev": true
+ "dev": true,
+ "license": "MIT"
},
"node_modules/js-yaml": {
"version": "3.14.1",
@@ -3232,12 +3087,13 @@
"dev": true
},
"node_modules/micromatch": {
- "version": "4.0.5",
- "resolved":
"https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz";,
- "integrity":
"sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+ "version": "4.0.8",
+ "resolved":
"https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz";,
+ "integrity":
"sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
"dev": true,
+ "license": "MIT",
"dependencies": {
- "braces": "^3.0.2",
+ "braces": "^3.0.3",
"picomatch": "^2.3.1"
},
"engines": {
@@ -3883,15 +3739,6 @@
"integrity":
"sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==",
"dev": true
},
- "node_modules/to-fast-properties": {
- "version": "2.0.0",
- "resolved":
"https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz";,
- "integrity":
"sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==",
- "dev": true,
- "engines": {
- "node": ">=4"
- }
- },
"node_modules/to-regex-range": {
"version": "5.0.1",
"resolved":
"https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz";,
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org
