Skip to content

Snyk fix 50bf1888dcc96ba4e58c89c63a901cfa #4094

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AndresMaqueo wants to merge 12 commits into
base: trunk
Choose a base branch
from
Open

Snyk fix 50bf1888dcc96ba4e58c89c63a901cfa #4094

AndresMaqueo wants to merge 12 commits into from
+421 −160

Conversation

@AndresMaqueo
Copy link

@AndresMaqueo AndresMaqueo commented Dec 9, 2025

What changes were proposed in this pull request?

(Please fill in changes proposed in this fix)

How was this patch tested?

(Please explain how this patch was tested. Ex: unit tests, manual tests)
(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)

Please review Ambari Contributing Guide before opening a pull request.

dependabot bot and others added 12 commits August 5, 2025 08:59
@dependabot
Bump express in /contrib/views/wfmanager/src/main/resources/ui
7d9f380 
Bumps [express](https://github.com/expressjs/express) from 4.15.2 to 4.21.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.15.2...4.21.2)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 4.21.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@AndresMaqueo
Merge pull request #1 from AndresMaqueo/dependabot/npm_and_yarn/contr…
7facabc 
…ib/views/wfmanager/src/main/resources/ui/express-4.21.2

Actualización de la dependencia Express de la versión 4.15.2 a 4.21.2 en /contrib/views/wfmanager/src/main/resources/ui

Este Pull Request realiza una actualización crítica de la librería Express utilizada en el módulo UI del gestor de flujos (wfmanager). La actualización de la versión 4.15.2 a la 4.21.2 incluye correcciones de seguridad, mejoras de rendimiento y compatibilidad con dependencias más recientes.

Detalles principales:
Motivo:
Resolver 2 alertas de seguridad detectadas por Dependabot sobre la versión actual de Express, incluyendo una vulnerabilidad de severidad moderada que puede impactar la estabilidad y seguridad de la aplicación.

Impacto:
La actualización mejora la seguridad general de la aplicación sin cambios disruptivos en la API, manteniendo la compatibilidad con el código existente.

Cambios técnicos:
Se reemplaza la versión antigua con la más reciente estable (4.21.2) en el archivo package.json y se actualizan los archivos de lock para asegurar la integridad de las dependencias.

Verificación:
Se recomienda ejecutar pruebas funcionales y de integración para validar que la actualización no afecta el comportamiento esperado del UI.

Beneficios:
Mitigación de riesgos de seguridad asociados a vulnerabilidades conocidas en versiones anteriores de Express.

Mejor compatibilidad con ecosistemas modernos y futuras actualizaciones.

Refuerzo de la política de mantenimiento proactivo de dependencias.
@AndresMaqueo
Merge branch 'apache:trunk' into trunk
ab6ed8c
@snyk-bot
fix: contrib/ambari-scom/metrics-sink/pom.xml to reduce vulnerabilities
bc59e13 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30627
@snyk-bot
fix: contrib/views/wfmanager/src/main/resources/ui/externaladdons/hdf…
deb3af2 
…s-directory-viewer/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
@snyk-bot
fix: contrib/views/commons/src/main/resources/ui/hdfs-directory-viewe…
6466483 
…r/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
@AndresMaqueo
Merge pull request #20 from AndresMaqueo/snyk-fix-519150a3e101c6487a2…
2208747 
…b79b9a7c63124

[Snyk] Security upgrade ember-cli-htmlbars from 1.3.5 to 7.0.0
@dependabot
Bump com.thoughtworks.xstream:xstream
e080f70 
Bumps [com.thoughtworks.xstream:xstream](https://github.com/x-stream/xstream) from 1.4.7 to 1.4.21.
- [Release notes](https://github.com/x-stream/xstream/releases)
- [Commits](https://github.com/x-stream/xstream/commits)

---
updated-dependencies:
- dependency-name: com.thoughtworks.xstream:xstream
  dependency-version: 1.4.21
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@AndresMaqueo
Merge pull request #22 from AndresMaqueo/dependabot/maven/contrib/amb…
e9586b7 
…ari-scom/ambari-scom-server/com.thoughtworks.xstream-xstream-1.4.21

Bump com.thoughtworks.xstream:xstream from 1.4.7 to 1.4.21 in /contrib/ambari-scom/ambari-scom-server
@AndresMaqueo
Merge pull request #19 from AndresMaqueo/snyk-fix-bcb817bf3685fa49e1f…
c438331 
…a35eb7698601f

[Snyk] Security upgrade ember-cli-htmlbars from 1.3.5 to 7.0.0
@AndresMaqueo
Merge pull request #9 from AndresMaqueo/snyk-fix-a8500577a27b2fb5ff08…
6b88517 
…ba70019f257c
@snyk-bot
fix: ambari-server/pom.xml & ambari-project/pom.xml to reduce vulnera…
a5d0af4 
…bilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGGLASSFISHJERSEYCORE-14049172
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8309135
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-7945490
- https://snyk.io/vuln/SNYK-JAVA-COMESOTERICSOFTWAREYAMLBEANS-5862641
- https://snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
- https://snyk.io/vuln/SNYK-JAVA-COMMONSLANG-10734077
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-10734078
- https://snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-10259368
- https://snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-536068
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186141
- https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-8186158
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-6457293
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-6254296
- https://snyk.io/vuln/SNYK-JAVA-COMESOTERICSOFTWAREYAMLBEANS-5862642
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-8161190
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMINA-174326
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040
- https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152
- https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKLDAP-8398312
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539866
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539867
- https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-3009896
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-6254297
- https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518
- https://snyk.io/vuln/SNYK-JAVA-COMMONSNET-3153503
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539865
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366
- https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-8230369
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AndresMaqueo @snyk-bot