[jira] [Created] (NIFI-14751) Resolve vulnerable transitive dependency (koa js)

Rob Fellows (Jira) Mon, 14 Jul 2025 08:35:10 -0700

Rob Fellows created NIFI-14751:
----------------------------------

             Summary: Resolve vulnerable transitive dependency (koa js)
                 Key: NIFI-14751
                 URL: https://issues.apache.org/jira/browse/NIFI-14751
             Project: Apache NiFi
          Issue Type: Sub-task
          Components: Core UI
            Reporter: Rob Fellows
            Assignee: Rob Fellows



There is a Cross-Site Scripting vulnerability in the version of koa.js being 
pulled in.

[https://github.com/advisories/GHSA-x2rg-q646-7m2v]

 

Dependabot attempted to fix this ([https://github.com/apache/nifi/pull/10087)] 
but it would require upgrading to the latest version of @nx/angular which isn't 
comatible with some of our other dependencies yet (codemirror namely). Will 
close that PR in favor of a more targeted solution.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (NIFI-14751) Resolve vulnerable transitive dependency (koa js)

Reply via email to