Purushottam Sinha created FLINK-39517:
-----------------------------------------

             Summary: Resolve SemVer-compatible npm advisories in web-dashboard
                 Key: FLINK-39517
                 URL: https://issues.apache.org/jira/browse/FLINK-39517
             Project: Flink
          Issue Type: Sub-task
          Components: Runtime / Web Frontend
            Reporter: Purushottam Sinha


 Description:
`npm audit` on flink-runtime-web/web-dashboard currently reports 55 advisories 
(2 critical, 30 high, 17 moderate, 6 low). A subset can be resolved without any 
package.json changes by running `npm audit fix`, which bumps transitives within 
the existing SemVer ranges.        

Task:
Apply `npm audit fix --registry=https://registry.npmjs.org/` and confirm that 
`npm run build` and `npm run lint` still pass and the dashboard renders 
correctly against a running JobManager.

Scope: lockfile-only changes. Any advisory that requires a major-version bump 
is out of scope and will be handled in a follow-up ticket.

Acceptance:
 * package-lock.json updated, package.json untouched
 * `npm run build` and `npm run lint` pass
 * `npm audit` severity counts drop for all findings whose patches fall within 
the currently declared SemVer ranges
 * Dashboard smoke-tested in a browser


