Yaroslav created FLINK-39191:
--------------------------------

             Summary: Upgrade monaco-editor to 0.55.1 to get rid of DOMPurify CVEs
                 Key: FLINK-39191
                 URL: https://issues.apache.org/jira/browse/FLINK-39191
             Project: Flink
          Issue Type: Bug
            Reporter: Yaroslav


Currently Flink uses monaco-editor version 0.31.1, which seems to depend on 
DOMPurify version 2.3.1, which is vulnerable to CVE-2024-48910, 
CVE-2024-45801, CVE-2024-47875 and CVE-2025-26791.
The latest monaco-editor release, 0.55.1, uses DOMPurify version 3.2.7, 
which is not vulnerable to any of those CVEs.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
