[
https://issues.apache.org/jira/browse/NIFI-14751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18007622#comment-18007622
]
ASF subversion and git services commented on NIFI-14751:
--------------------------------------------------------
Commit 46aa4f025d52d8c6ccbbe15ba65c1e415a079480 in nifi's branch
refs/heads/main from Rob Fellows
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=46aa4f025d ]
[NIFI-14751] - UI - Resolve vulnerable transitive dependency (koa js) (#10092)
> Resolve vulnerable transitive dependency (koa js)
> -------------------------------------------------
>
> Key: NIFI-14751
> URL: https://issues.apache.org/jira/browse/NIFI-14751
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core UI
> Reporter: Rob Fellows
> Assignee: Rob Fellows
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> There is a Cross-Site Scripting vulnerability in the version of koa.js being
> pulled in.
> [https://github.com/advisories/GHSA-x2rg-q646-7m2v]
>
> Dependabot attempted to fix this
> ([https://github.com/apache/nifi/pull/10087)] but it would require upgrading
> to the latest version of @nx/angular which isn't comatible with some of our
> other dependencies yet (codemirror namely). Will close that PR in favor of a
> more targeted solution.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
