Wilfred Spiegelenburg created YUNIKORN-3195:
-----------------------------------------------
Summary: update angular for security fixes
Key: YUNIKORN-3195
URL: https://issues.apache.org/jira/browse/YUNIKORN-3195
Project: Apache YuniKorn
Issue Type: Task
Components: security, webapp
Reporter: Wilfred Spiegelenburg
Assignee: Wilfred Spiegelenburg
Dependabot marked 4 CVE impacts on the master branch:
* #138 High [qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion|https://github.com/apache/yunikorn-web/security/dependabot/138]
* #140 High [Anthropic's MCP TypeScript SDK has a ReDoS vulnerability|https://github.com/apache/yunikorn-web/security/dependabot/140]
* #142 High [Angular has XSS Vulnerability via Unsanitized SVG Script Attributes|https://github.com/apache/yunikorn-web/security/dependabot/142]
* #141 High [Angular has XSS Vulnerability via Unsanitized SVG Script Attributes|https://github.com/apache/yunikorn-web/security/dependabot/141]
Looking at fixing this and backporting into 1.8