[
https://issues.apache.org/jira/browse/FLINK-39518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser closed FLINK-39518.
----------------------------------
Resolution: Duplicate
> Upgrade web-dashboard dependencies to major remaining npm advisories
> --------------------------------------------------------------------
>
> Key: FLINK-39518
> URL: https://issues.apache.org/jira/browse/FLINK-39518
> Project: Flink
> Issue Type: Sub-task
> Components: Runtime / Web Frontend
> Reporter: Purushottam Sinha
> Priority: Minor
> Attachments: DEPENDENCY_UPGRADES.md
>
>
> Resolve the 31 advisories left after FLINK-39517. All need SemVer-major
> bumps, including both remaining Criticals ({{form-data}}, {{request}}).
>
>
>
>
>
> Three independent subtrees:
>
>
>
>
>
> # *Protractor* — deprecated, unused at runtime; carries both Criticals.
>
>
> Drop it, migrate to {{@angular/build}}, or use {{overrides}}.
> # *Angular* — 20.1.x → 20.3.16+ (clears XSS/XSRF) or jump to 21.
>
>
> # *Build tooling* — {{@angular-devkit/*}}, webpack, vite, rollup; moves
>
>
> as one bundle with the Angular CLI bump.
>
>
>
>
>
> Risk is build/lint regression, not runtime — validate by clicking
>
>
> through job overview, job graph, task manager, logs, and live updates
>
>
> in a browser.
>
>
>
> Done when {{npm audit}} = 0, build + lint pass, dashboard works,
>
>
> {{NOTICE}} regenerated.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
