Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.0.0-M4, 2.0.0
-
None
-
None
Description
Can you please upgrade angularjs to latest minor point release as well as http_proxy_middleware? Scanners are picking up that there are vulnerabilities.
```
xnox@chainguard:/tmp/nifi/nifi-frontend/src/main/frontend$ npm audit
# npm audit report
http-proxy-middleware 3.0.0 - 3.0.2
Severity: high
Denial of service in http-proxy-middleware - https://github.com/advisories/GHSA-c7qv-q95q-8v27
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@18.2.10, which is outside the stated dependency range
node_modules/http-proxy-middleware
@angular-devkit/build-angular 18.0.0-next.0 - 18.2.9 || 19.0.0-next.0 - 19.0.0-next.9
Depends on vulnerable versions of http-proxy-middleware
node_modules/@angular-devkit/build-angular
2 high severity vulnerabilities
To address all issues, run:
npm audit fix --force
```
Note usually dependabot can help with these, and it is a good practice to run `npm audit` prior to cutting a release.
Attachments
Issue Links
- links to
