GitHub user drod331 opened a pull request:
https://github.com/apache/zeppelin/pull/3243
[ZEPPELIN-3886] Remove dependency on flatmap-stream 0.1.1
### What is this PR for?
Updated event-stream version to 4.0.1 in zeppelin-web, due to version 3.3.6
containing a malicious dependency that was removed from npmjs.
### What type of PR is it?
[Hot Fix] A fix for the zeppelin-web module so that it won't fail on the
(now) non-existent dependencies.
### Todos
* [X] - Update event-stream version to 4.0.1.
* [X] - Update event-stream resolved to .../event-stream-4.0.1.tgz.
* [X] - Update event-stream integrity to the SHA512 key on
registry.npmjs.org.
* [X] - Remove flatmap-stream 0.1.1 from the requires list.
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-3886
### How should this be tested?
Execute the unit tests
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/drod331/zeppelin zeppelin-web-build-fix
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/3243.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3243
----
commit 901f3305a77827619222c0bc66faeb4393c2d519
Author: Derek Tapley <tapley.derek@...>
Date: 2018-11-29T02:22:25Z
Updated event-stream version to 4.0.1 in zeppelin-web
----
---
