GitHub user drod331 opened a pull request: https://github.com/apache/zeppelin/pull/3243
[ZEPPELIN-3886] Remove dependency on flatmap-stream 0.1.1 ### What is this PR for? Updated event-stream version to 4.0.1 in zeppelin-web, due to version 3.3.6 containing a malicious dependency that was removed from npmjs. ### What type of PR is it? [Hot Fix] A fix for the zeppelin-web module so that it won't fail on the (now) non-existent dependencies. ### Todos * [X] - Update event-stream version to 4.0.1. * [X] - Update event-stream resolved to .../event-stream-4.0.1.tgz. * [X] - Update event-stream integrity to the SHA512 key on registry.npmjs.org. * [X] - Remove flatmap-stream 0.1.1 from the requires list. ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-3886 ### How should this be tested? Execute the unit tests ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No You can merge this pull request into a Git repository by running: $ git pull https://github.com/drod331/zeppelin zeppelin-web-build-fix Alternatively you can review and apply these changes as the patch at: https://github.com/apache/zeppelin/pull/3243.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #3243 ---- commit 901f3305a77827619222c0bc66faeb4393c2d519 Author: Derek Tapley <tapley.derek@...> Date: 2018-11-29T02:22:25Z Updated event-stream version to 4.0.1 in zeppelin-web ---- ---