LuciferYang opened a new pull request, #53486: URL: https://github.com/apache/spark/pull/53486
### What changes were proposed in this pull request? This pr fix the following npm vulnerabilities by `npm audit fix` in `ui-test/` directory: ``` # npm audit report glob 10.2.0 - 10.4.5 Severity: high glob CLI: Command injection via -c/--cmd executes matches with shell:true - https://github.com/advisories/GHSA-5j98-mcp5-4vw2 fix available via `npm audit fix` node_modules/glob js-yaml <3.14.2 Severity: moderate js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m fix available via `npm audit fix` node_modules/js-yaml 2 vulnerabilities (1 moderate, 1 high) To address all issues, run: npm audit fix ``` ### Why are the changes needed? Fix npm vulnerabilities in `ui-test/` directory. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? - Pass GitHub Actions - Locally check: ``` cd ui-test npm install --save-dev node --experimental-vm-modules node_modules/.bin/jest ``` then ``` PASS tests/utils.test.js PASS tests/scroll-button.test.js PASS tests/structured-streaming-page.test.js PASS tests/flamegraph.test.js Test Suites: 4 passed, 4 total Tests: 10 passed, 10 total Snapshots: 0 total Time: 1.281 s Ran all test suites. ``` ### Was this patch authored or co-authored using generative AI tooling? No -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
