Cherrie Kim created ZEPPELIN-6041:
-------------------------------------
Summary: Update npm dependencies to resolve vulnerabilities in
package.json
Key: ZEPPELIN-6041
URL: https://issues.apache.org/jira/browse/ZEPPELIN-6041
Project: Zeppelin
Issue Type: Improvement
Components: zeppelin-client, zeppelin-web
Reporter: Cherrie Kim
Assignee: Cherrie Kim
Fix For: 0.12.0
This issue aims to address several vulnerabilities found in the dependencies
used by the Zeppelin project. (zeppelin/zeppelin-web)
The vulnerabilities handled here are identified through `npm audit` and are
being resolved by updating the affected packages to their latest secure
versions.
Key dependency updates include:
* body-parser: 1.20.1 → 1.20.2
* cookie: 0.5.0 → 0.6.0
* express: 4.18.2 → 4.19.2
* follow-redirects: 1.15.4 → 1.15.6
* raw-body: 2.5.1 → 2.5.2
* terser-webpack-plugin: 1.4.5 → 1.4.6
Steps (to be) taken:
# Run `npm audit` to identify vulnerabilities.
# Update `package.json` and `package-lock.json` with new dependency versions.
# Reinstall dependencies and verify that the project runs without issues.
# Ensure that no new warnings or errors were introduced.
This issue aims to improve the security and stability of the project.
Any feedback on this issue is welcomed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
