[ https://issues.apache.org/jira/browse/NIFI-13956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895705#comment-17895705 ]
ASF subversion and git services commented on NIFI-13956:
--------------------------------------------------------
Commit c5a5140ff87c130a9e8578a2390a8d14873d6626 in nifi's branch
refs/heads/main from Matt Gilman
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=c5a5140ff8 ]
NIFI-13956: Upgrading Angular, Angular build tools, and nx. (#9479)
> Upgrade @angular-devkit/build-angular 18.2.11 or later
> ------------------------------------------------------
>
> Key: NIFI-13956
> URL: https://issues.apache.org/jira/browse/NIFI-13956
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core UI
> Affects Versions: 2.0.0-M4, 2.0.0
> Reporter: Dimitri John Ledkov
> Assignee: Matt Gilman
> Priority: Minor
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Can you please upgrade angularjs to latest minor point release as well as
> http_proxy_middleware? Scanners are picking up that there are vulnerabilities.
>
> ```
> xnox@chainguard:/tmp/nifi/nifi-frontend/src/main/frontend$ npm audit
> # npm audit report
>
> http-proxy-middleware 3.0.0 - 3.0.2
> Severity: high
> Denial of service in http-proxy-middleware -
> https://github.com/advisories/GHSA-c7qv-q95q-8v27
> fix available via `npm audit fix --force`
> Will install @angular-devkit/[email protected], which is outside the
> stated dependency range
> node_modules/http-proxy-middleware
> @angular-devkit/build-angular 18.0.0-next.0 - 18.2.9 || 19.0.0-next.0 -
> 19.0.0-next.9
> Depends on vulnerable versions of http-proxy-middleware
> node_modules/@angular-devkit/build-angular
>
> 2 high severity vulnerabilities
>
> To address all issues, run:
> npm audit fix --force
> ```
>
> Note usually dependabot can help with these, and it is a good practice to run
> `npm audit` prior to cutting a release.