[ 
https://issues.apache.org/jira/browse/FLINK-39518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martijn Visser closed FLINK-39518.
----------------------------------
    Resolution: Duplicate

> Upgrade web-dashboard dependencies to major remaining npm advisories
> --------------------------------------------------------------------
>
>                 Key: FLINK-39518
>                 URL: https://issues.apache.org/jira/browse/FLINK-39518
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Runtime / Web Frontend
>            Reporter: Purushottam Sinha
>            Priority: Minor
>         Attachments: DEPENDENCY_UPGRADES.md
>
>
> Resolve the 31 advisories left after FLINK-39517. All need SemVer-major
>   bumps, including both remaining Criticals ({{form-data}}, {{request}}).     
>                                                                               
>                                                      
>                                                                               
>                                                                               
>                                                      
>   Three independent subtrees:                                                 
>                                                                               
>                                                      
>                                                                               
>                                                                               
>                                                      
>   # *Protractor* — deprecated, unused at runtime; carries both Criticals.     
>                                                                               
>                                                      
>     Drop it, migrate to {{@angular/build}}, or use {{overrides}}.
>   # *Angular* — 20.1.x → 20.3.16+ (clears XSS/XSRF) or jump to 21.            
>                                                                               
>                                                      
>   # *Build tooling* — {{@angular-devkit/*}}, webpack, vite, rollup; moves     
>                                                                               
>                                                      
>     as one bundle with the Angular CLI bump.                                  
>                                                                               
>                                                      
>                                                                               
>                                                                               
>                                                      
>   Risk is build/lint regression, not runtime — validate by clicking           
>                                                                               
>                                                      
>   through job overview, job graph, task manager, logs, and live updates       
>                                                                               
>                                                      
>   in a browser.                                                               
>                                                                               
>                                                      
>    
>   Done when {{npm audit}} = 0, build + lint pass, dashboard works,            
>                                                                               
>                                                      
>   {{NOTICE}} regenerated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to