Dimitri John Ledkov created NIFI-13956:
------------------------------------------
Summary: JS dependencies have security vulnerabilities
Key: NIFI-13956
URL: https://issues.apache.org/jira/browse/NIFI-13956
Project: Apache NiFi
Issue Type: Bug
Components: Core UI
Affects Versions: 1.28.0
Reporter: Dimitri John Ledkov
Can you please upgrade angularjs to the latest minor point release, as well as
http_proxy_middleware? Scanners are picking up that there are vulnerabilities.
```
xnox@chainguard:/tmp/nifi/nifi-frontend/src/main/frontend$ npm audit
# npm audit report
http-proxy-middleware 3.0.0 - 3.0.2
Severity: high
Denial of service in http-proxy-middleware -
https://github.com/advisories/GHSA-c7qv-q95q-8v27
fix available via `npm audit fix --force`
Will install @angular-devkit/[email protected], which is outside the
stated dependency range
node_modules/http-proxy-middleware
@angular-devkit/build-angular 18.0.0-next.0 - 18.2.9 || 19.0.0-next.0 -
19.0.0-next.9
Depends on vulnerable versions of http-proxy-middleware
node_modules/@angular-devkit/build-angular
2 high severity vulnerabilities
To address all issues, run:
npm audit fix --force
```
Note: usually Dependabot can help with these, and it is good practice to run
`npm audit` prior to cutting a release.
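The pre-release `npm audit` check suggested above, sketched as a gate over the `npm audit --json` report. This is an added example, not part of the original issue or of NiFi's build. The sample report is constructed from the two findings quoted above, `PLACEHOLDER` stands in for the fix version, and `gateAudit` is a hypothetical helper name.

```javascript
// Severity order used by npm audit, lowest to highest.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the two findings in the report. "PLACEHOLDER" stands in for the
// fix version, which the quoted output does not show.
const FIX = { name: "@angular-devkit/build-angular", version: "PLACEHOLDER", isSemVerMajor: false };
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "http-proxy-middleware": {
      name: "http-proxy-middleware", severity: "high", isDirect: false,
      via: [{ title: "Denial of service in http-proxy-middleware",
              url: "https://github.com/advisories/GHSA-c7qv-q95q-8v27", severity: "high" }],
      effects: ["@angular-devkit/build-angular"], range: "3.0.0 - 3.0.2", fixAvailable: FIX,
    },
    "@angular-devkit/build-angular": {
      name: "@angular-devkit/build-angular", severity: "high", isDirect: true,
      via: ["http-proxy-middleware"], effects: [],
      range: "18.0.0-next.0 - 18.2.9 || 19.0.0-next.0 - 19.0.0-next.9", fixAvailable: FIX,
    },
  },
};

// Returns the findings at or above `threshold`, each with the advisory URLs
// reached through its `via` chain and the kind of fix npm offers:
// "audit-fix" (plain `npm audit fix`), "force" (needs `--force`), or "none".
function gateAudit(report, threshold = "high") {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity: ${threshold}`);
  const vulns = report.vulnerabilities || {};
  const advisories = (name, seen = new Set()) => {
    if (seen.has(name) || !vulns[name]) return [];
    seen.add(name);
    return vulns[name].via.flatMap((v) =>
      typeof v === "string" ? advisories(v, seen) : [v.url]);
  };
  return Object.values(vulns)
    .filter((v) => LEVELS.indexOf(v.severity) >= min)
    .map((v) => ({
      name: v.name, severity: v.severity, direct: v.isDirect,
      advisories: [...new Set(advisories(v.name))],
      fix: v.fixAvailable === true ? "audit-fix" : v.fixAvailable ? "force" : "none",
    }));
}

// A release job would fail (non-zero exit) when this list is non-empty.
for (const f of gateAudit(SAMPLE_REPORT)) {
  console.log(`${f.severity} ${f.name} fix=${f.fix} ${f.advisories.join(" ")}`);
}
```

Findings marked `force` are the ones a plain `npm audit fix` will not resolve, so they need a deliberate dependency bump before the release rather than an automated fix.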