Merge branch 'apache:trunk' into trunk #4074
Open
+387
−121
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [express](https://github.com/expressjs/express) from 4.15.2 to 4.21.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md) - [Commits](expressjs/express@4.15.2...4.21.2) --- updated-dependencies: - dependency-name: express dependency-version: 4.21.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ib/views/wfmanager/src/main/resources/ui/express-4.21.2 Actualización de la dependencia Express de la versión 4.15.2 a 4.21.2 en /contrib/views/wfmanager/src/main/resources/ui Este Pull Request realiza una actualización crítica de la librería Express utilizada en el módulo UI del gestor de flujos (wfmanager). La actualización de la versión 4.15.2 a la 4.21.2 incluye correcciones de seguridad, mejoras de rendimiento y compatibilidad con dependencias más recientes. Detalles principales: Motivo: Resolver 2 alertas de seguridad detectadas por Dependabot sobre la versión actual de Express, incluyendo una vulnerabilidad de severidad moderada que puede impactar la estabilidad y seguridad de la aplicación. Impacto: La actualización mejora la seguridad general de la aplicación sin cambios disruptivos en la API, manteniendo la compatibilidad con el código existente. Cambios técnicos: Se reemplaza la versión antigua con la más reciente estable (4.21.2) en el archivo package.json y se actualizan los archivos de lock para asegurar la integridad de las dependencias. Verificación: Se recomienda ejecutar pruebas funcionales y de integración para validar que la actualización no afecta el comportamiento esperado del UI. Beneficios: Mitigación de riesgos de seguridad asociados a vulnerabilidades conocidas en versiones anteriores de Express. Mejor compatibilidad con ecosistemas modernos y futuras actualizaciones. Refuerzo de la política de mantenimiento proactivo de dependencias.
Author
|
retest this please |
Author
|
Hi @apache-ambari-maintainers, Thank you! |
Contributor
|
@zRains cc |
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30627
…s-directory-viewer/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
…r/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
…b79b9a7c63124 [Snyk] Security upgrade ember-cli-htmlbars from 1.3.5 to 7.0.0
Bumps [com.thoughtworks.xstream:xstream](https://github.com/x-stream/xstream) from 1.4.7 to 1.4.21. - [Release notes](https://github.com/x-stream/xstream/releases) - [Commits](https://github.com/x-stream/xstream/commits) --- updated-dependencies: - dependency-name: com.thoughtworks.xstream:xstream dependency-version: 1.4.21 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…ari-scom/ambari-scom-server/com.thoughtworks.xstream-xstream-1.4.21 Bump com.thoughtworks.xstream:xstream from 1.4.7 to 1.4.21 in /contrib/ambari-scom/ambari-scom-server
…a35eb7698601f [Snyk] Security upgrade ember-cli-htmlbars from 1.3.5 to 7.0.0
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-10734078
…ef6c445584874 [Snyk] Security upgrade org.apache.commons:commons-configuration2 from 2.8.0 to 2.13.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
(Please fill in changes proposed in this fix)
How was this patch tested?
(Please explain how this patch was tested. Ex: unit tests, manual tests)
(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)
Please review Ambari Contributing Guide before opening a pull request.