[ https://issues.apache.org/jira/browse/NIFI-15852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Fellows updated NIFI-15852:
-------------------------------
Fix Version/s: 2.10.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Upgrade nifi-frontend dependencies for dependabot alerts
> --------------------------------------------------------
>
> Key: NIFI-15852
> URL: https://issues.apache.org/jira/browse/NIFI-15852
> Project: Apache NiFi
> Issue Type: Task
> Components: Core UI
> Reporter: Matt Gilman
> Assignee: Matt Gilman
> Priority: Major
> Fix For: 2.10.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> # npm audit report
> dompurify <=3.3.3
> Severity: moderate
> DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit
> evaluation - https://github.com/advisories/GHSA-39q2-94rc-95cp
> fix available via `npm audit fix`
> node_modules/dompurify
> follow-redirects <=1.15.11
> Severity: moderate
> follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect
> Targets - https://github.com/advisories/GHSA-r4q5-vmmm-2653
> fix available via `npm audit fix`
> node_modules/follow-redirects
> hono <4.12.14
> Severity: moderate
> hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx
> SSR - https://github.com/advisories/GHSA-458j-xx4x-4375
> fix available via `npm audit fix`
> node_modules/hono