shubhM13 opened a new pull request, #240: URL: https://github.com/apache/yunikorn-web/pull/240
… vulnerability)

- Upgrade @angular/common from 20.0.1 to 20.3.14 (fixes CVE-2025-66035)
- Upgrade all Angular core packages to 20.3.14
- Upgrade @angular/material and @angular/cdk to 20.2.14 (latest available)
- Upgrade @angular/build and @angular/cli to 20.3.12 (latest available)
- Fix TypeScript strict null check in vertical-bar-chart component
- All 50 unit tests passing after upgrade
- Verified vulnerability fixed with pnpm audit

CVE: CVE-2025-66035
GHSA: GHSA-58c5-g7wp-6w37
Severity: High
Issue: Angular XSRF Token Leakage via Protocol-Relative URLs

### What is this PR for?
A few sentences describing the overall goals of the pull request's commits.
First time? Check out the contributing guide - http://yunikorn.apache.org/community/how_to_contribute

### What type of PR is it?
* [ ] - Bug Fix
* [ ] - Improvement
* [ ] - Feature
* [ ] - Documentation
* [ ] - Hot Fix
* [ ] - Refactoring

### Todos
* [ ] - Task

### What is the Jira issue?
* Open an issue on Jira https://issues.apache.org/jira/browse/YUNIKORN/
* Put link here, and add [YUNIKORN-*Jira number*] in PR title, e.g. `[YUNIKORN-2] Gang scheduling interface parameters`

### How should this be tested?

### Screenshots (if appropriate)

### Questions:
* [ ] - The license files need an update.
* [ ] - There are breaking changes for older versions.
* [ ] - It needs documentation.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
