Prasad P. Pawar created ATLAS-5316:
--------------------------------------
Summary: ATLAS UI: Dependency version uplift for Atlas React dashboard and documentation site
Key: ATLAS-5316
URL: https://issues.apache.org/jira/browse/ATLAS-5316
Project: Atlas
Issue Type: Bug
Components: atlas-webui
Affects Versions: 3.0.0
Reporter: Prasad P. Pawar
Assignee: Prasad P. Pawar
This work updates direct and transitive npm dependencies in
{{dashboard/package.json}} and {{docs/package.json}} (including {{overrides}}
and lockfiles) to align with upstream recommended releases. The goal is
improved dependency hygiene, consistent transitive resolution, and alignment
with current library maintenance guidance—without changing application source
code.
----
h3. Scope
||Module||Files updated||
|React Dashboard|{{dashboard/package.json}}, {{dashboard/package-lock.json}}|
|Documentation site|{{docs/package.json}}, {{docs/package-lock.json}}|
|Existing docz patches (unchanged)|{{docs/patches/html-minifier+4.0.0.patch}}, {{docs/patches/http-proxy-middleware+0.19.1.patch}}|
----
h3. Dependency change matrix
||Package||Module||Previous version||Updated version||Change type||Why this change||Where used in Atlas||Version difference (high level)||Project impact||
|axios|dashboard|1.15.2|1.16.0|Direct dependency + {{overrides}}|Align HTTP client with latest stable 1.x release; improves proxy/redirect handling and adapter consistency|{{dashboard/src/api/apiMethods/fetchApi.ts}} (main API calls); type imports in {{QuickSearch.tsx}}, {{Labels.tsx}}, {{FormAutocomplete.tsx}}|Improved redirect header handling, proxy credential handling, IPv6 hostname normalization in proxy rules; no public API renames|Low — browser XHR adapter unchanged for normal UI flows; build and 38 fetchApi unit tests pass|
|axios|docs|1.15.2|1.16.0|devDependency + {{overrides}}|Same HTTP client alignment for docs tooling|{{docs/theme/components/shared/TeamList/index.js}} ({{axios.get}} for team list fetch)|Same as dashboard row|Low — simple GET usage only|
|handlebars|dashboard|4.7.8 (transitive via ts-jest)|4.7.9|{{overrides}} only|Pin transitive template engine to latest 4.7.x patch|Not used in app source — only {{ts-jest}} CLI ({{config:init}} Jest config template generation)|Internal compiler/runtime hardening; stricter AST handling; no method renames|None — no imports in dashboard source|
|@babel/preset-env|dashboard|7.28.5|7.29.5|devDependency|Brings updated Babel preset used by Jest test pipeline|Jest/Babel test compilation (no runtime UI usage)|Updated preset bundle; pulls patched systemjs transform plugin|None — tests compile as before|
|@babel/plugin-transform-modules-systemjs|dashboard|7.28.5 (transitive)|7.29.4|{{overrides}}|Align transitive Babel plugin with preset-env 7.29.5|Transitive via {{@babel/preset-env}}; dashboard does not use {{modules: "systemjs"}}|Safer handling of untrusted module input during compile|None — trusted test/build code only|
|shell-quote|docs|1.7.3|1.8.4|{{overrides}}|Replace previously pinned older transitive version with current stable release|Transitive via {{docz}} → {{react-dev-utils}} → {{shell-quote.parse()}} on {{REACT_EDITOR}} env var (docz dev tooling only)|{{quote()}} validates object-token shapes strictly; {{parse()}} behavior unchanged for string inputs|None — not imported in docs source|
|html-minifier|docs|3.5.21 / 4.0.0 (mixed transitive)|4.0.0 (unified) + existing patch|{{overrides}} + {{patch-package}}|Consolidate to single version; apply existing local patch for regex performance hardening|Transitive via {{docz}} / {{docz-core}} (docs site build/minification only)|Override removes nested 3.5.21; patch limits regex repetition in minifier|Low — docs build-time only; patch already applied on postinstall|
|http-proxy-middleware|docs|0.19.1|0.19.1 (unchanged version)|Existing {{patch-package}} patch|docz/webpack-dev-server requires 0.19.x; no compatible major upgrade without replacing docz|Transitive via {{docz}} → {{webpack-dev-server}} (docs dev server only)|Patch wraps micromatch calls to avoid unhandled rejection during dev|None for dashboard; docs dev server only|
|tmp|docs|0.0.33 (transitive via patch-package)|0.2.6|{{overrides}}|Align temp-file helper to maintained release|Transitive via {{patch-package}} postinstall (docs tooling)|Improved path handling in temp file creation APIs|None — patch-package uses fixed trusted prefixes|
----
h3. package.json changes detail
h4. dashboard/package.json
||Section||Field||Before||After||
|dependencies|{{axios}}|1.15.2|1.16.0|
|devDependencies|{{@babel/preset-env}}|7.28.5|7.29.5|
|overrides|{{handlebars}}|(not set)|4.7.9|
|overrides|{{axios}}|(not set)|1.16.0|
|overrides|{{@babel/plugin-transform-modules-systemjs}}|(not set)|7.29.4|
h4. docs/package.json
||Section||Field||Before||After||
|devDependencies|{{axios}}|1.15.2|1.16.0|
|overrides|{{shell-quote}}|1.7.3|1.8.4|
|overrides|{{axios}}|1.15.2|1.16.0|
|overrides|{{html-minifier}}|(not set)|4.0.0|
|overrides|{{tmp}}|(not set)|0.2.6|
----
h3. Application code impact assessment
||Area||Code changes required?||Notes||
|Dashboard UI / API layer|No|axios public API unchanged ({{get}}, {{post}}, {{isAxiosError}}, {{AxiosRequestConfig}})|
|Dashboard unit tests|No|Jest/Babel pipeline updated; all fetchApi tests pass|
|Docs site theme|No|TeamList axios usage unchanged|
|Docs build / dev server|No|Existing patch-package patches continue to apply on {{npm install}}|
|Classic UI (dashboardv2)|Out of scope|Bundled Handlebars 4.7.8 in {{dashboardv2/public/js/external_lib/}} is separate from npm overrides|
----
h3. Verification completed
||Check||Result||
|{{dashboard}} production build|Passed|
|{{fetchApi}} unit tests (38)|Passed|
|ESLint|No new errors from dependency changes (4 pre-existing errors in untracked cypress files)|
|Resolved versions ({{npm ls}})|axios 1.16.0, handlebars 4.7.9, shell-quote 1.8.4, tmp 0.2.6, html-minifier 4.0.0|
----
h3. Out of scope / follow-up
||Item||Reason||
|Replace docz / webpack-dev-server stack|Required for native {{http-proxy-middleware}} 2.x upgrade; current 0.19.1 patch mitigates dev-server behavior|
|Upgrade dashboardv2 bundled Handlebars|Separate legacy UI bundle, not managed by dashboard npm lockfile|
----
h3. Acceptance criteria
* {{dashboard/package.json}} and {{dashboard/package-lock.json}} updated as per table above
* {{docs/package.json}} and {{docs/package-lock.json}} updated as per table above
* Dashboard build succeeds
* Dashboard fetchApi tests pass
* Docs {{npm install}} applies existing patches successfully
* No application source code changes required
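
Added example (not part of the ticket or the Atlas code base): one way to check that every copy of an overridden package in a lockfile resolves to the pinned version, including nested copies that a top-level {{npm ls}} summary can hide. It assumes a lockfileVersion 2/3 {{packages}} map and flat, exact-version {{overrides}}; the function names and the sample lockfile, including the nested {{docz-core}} path, are constructed for illustration.

```javascript
// Added example: audit a package-lock.json "packages" map against the
// "overrides" block of package.json. Names below are hypothetical helpers.

// The package name is whatever follows the last "node_modules/" in a lockfile
// key, which also covers scoped names such as @babel/preset-env.
function packageNameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns every lockfile entry whose version differs from its override
// ("drift") and every override that matches no lockfile entry ("missing").
function auditOverrides(lock, overrides) {
  const pinned = (n) => Object.prototype.hasOwnProperty.call(overrides, n);
  const drift = [];
  const seen = new Set();
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockPath(lockPath);
    if (name === null || !pinned(name)) continue;
    seen.add(name);
    if (entry.version !== overrides[name]) {
      drift.push({ name, path: lockPath, found: entry.version, expected: overrides[name] });
    }
  }
  const missing = Object.keys(overrides).filter((n) => !seen.has(n));
  return { drift, missing };
}

// Constructed sample: override values are the docs/package.json "After"
// column; the lockfile deliberately keeps a nested html-minifier 3.5.21
// and omits tmp so both failure kinds are reported.
const sampleOverrides = {
  "shell-quote": "1.8.4", axios: "1.16.0", "html-minifier": "4.0.0", tmp: "0.2.6",
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "docs" },
    "node_modules/axios": { version: "1.16.0" },
    "node_modules/shell-quote": { version: "1.8.4" },
    "node_modules/html-minifier": { version: "4.0.0" },
    "node_modules/docz-core/node_modules/html-minifier": { version: "3.5.21" },
  },
};

const sampleResult = auditOverrides(sampleLock, sampleOverrides);
console.log(JSON.stringify(sampleResult, null, 2));
```

Run against the real {{docs/package-lock.json}} and {{dashboard/package-lock.json}}, an empty {{drift}} and empty {{missing}} correspond to the "Resolved versions" row above.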