[
https://issues.apache.org/jira/browse/AMBARI-25289?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17736985#comment-17736985
]
vanshuhassija commented on AMBARI-25289:
----------------------------------------
In an effort to upgrade libraries to latest versions, we found that ambari-web
is using phantomjs as the testing tool. As you may already know, PhantomJS has
been deprecated, and the last available version lacks support for ES6 features.
Since the package is no longer maintained, future updates introducing new
JavaScript functionalities will likely not be supported.
To address this concern, we initially considered transpiling our code into ES5
using Babel transforms. However, we recognize that this approach would only
provide a temporary solution. It is clear that we need to move towards
alternative tools that can better support the latest JavaScript updates and
maintain compatibility.
One such tool that has gained significant popularity in recent years is
Puppeteer. Developed by the Chrome team at Google, Puppeteer is a robust
Node.js library that offers a high-level API for automating headless Chrome or
Chromium instances. It allows for seamless interaction with web pages,
automated testing, and data scraping.
By transitioning from PhantomJS to a stable testing framework tool, we can
benefit from a modern and actively maintained tool that fully supports ES6 and
provides a wide range of features, including powerful debugging capabilities,
screenshot generation, and PDF rendering. Puppeteer is one of the tool that
boasts extensive documentation and a thriving community, making it a reliable
choice for various web automation tasks.
We understand that migrating from one tool to another can involve effort and
adjustments. However, we firmly believe that this transition is necessary to
ensure the long-term viability and improved JavaScript support of the project.
Please feel free to share your thoughts, suggestions, and any concerns you may
have regarding this transition.
> JQuery version in Ambari has security vulnerabilities
> -----------------------------------------------------
>
> Key: AMBARI-25289
> URL: https://issues.apache.org/jira/browse/AMBARI-25289
> Project: Ambari
> Issue Type: Improvement
> Affects Versions: 2.7.3
> Reporter: Mrudula Madiraju
> Priority: Minor
>
> * [https://hackerone.com/reports/454365]
> * [https://github.com/jquery/jquery/issues/2432]
> Jquery in Ambar UI Web App is at 1.9.0 version
> Per the links above JQuery has vulnerabilities in the lower versions and it
> is better to upgrade to 3.4 at a minimum.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
