rfellows opened a new pull request, #10747: URL: https://github.com/apache/nifi/pull/10747
# Summary [NIFI-15444](https://issues.apache.org/jira/browse/NIFI-15444) Address dependabot alert: https://github.com/apache/nifi/security/dependabot/511 This PR eliminates the npm audit issue: ``` # npm audit report @modelcontextprotocol/sdk <1.25.2 Severity: high Anthropic's MCP TypeScript SDK has a ReDoS vulnerability - https://github.com/advisories/GHSA-8r9q-7v3j-jr4g fix available via `npm audit fix` node_modules/@modelcontextprotocol/sdk @angular/cli 20.1.0-next.0 - 20.3.13 || 21.0.0-next.0 - 21.0.4 || >=21.1.0-next.0 Depends on vulnerable versions of @modelcontextprotocol/sdk node_modules/@angular/cli qs <6.14.1 Severity: high qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p fix available via `npm audit fix` node_modules/qs 3 high severity vulnerabilities ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
