You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by bb...@apache.org on 2022/06/07 18:30:32 UTC

[airflow] branch main updated: Airflow UI fix vulnerabilities - Prototype Pollution (#24201)

This is an automated email from the ASF dual-hosted git repository.

bbovenzi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 5d992a5faa Airflow UI fix vulnerabilities - Prototype Pollution (#24201)
5d992a5faa is described below

commit 5d992a5faace3232d2a2ec143cb8b6ffc3ff3aa0
Author: chethanuk-plutoflume <ch...@tessian.com>
AuthorDate: Tue Jun 7 19:30:02 2022 +0100

    Airflow UI fix vulnerabilities - Prototype Pollution (#24201)
---
 airflow/ui/package.json |  5 +++--
 airflow/ui/yarn.lock    | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/airflow/ui/package.json b/airflow/ui/package.json
index 046cc6700f..c9eb4f7de2 100644
--- a/airflow/ui/package.json
+++ b/airflow/ui/package.json
@@ -14,7 +14,7 @@
     "@emotion/styled": "^11.1.5",
     "@neutrinojs/copy": "^9.5.0",
     "@vvo/tzdb": "^6.7.0",
-    "axios": "^0.21.2",
+    "axios": "^0.21.3",
     "dayjs": "^1.10.4",
     "dotenv": "^8.2.0",
     "framer-motion": "^3.10.0",
@@ -27,7 +27,8 @@
     "react-router-dom": "^5.2.0",
     "react-select": "^4.3.0",
     "react-table": "^7.7.0",
-    "use-react-router": "^1.0.7"
+    "use-react-router": "^1.0.7",
+    "json-schema": "^0.4.0"
   },
   "devDependencies": {
     "@neutrinojs/eslint": "^9.5.0",
diff --git a/airflow/ui/yarn.lock b/airflow/ui/yarn.lock
index d95ae3d824..be4697bccd 100644
--- a/airflow/ui/yarn.lock
+++ b/airflow/ui/yarn.lock
@@ -2934,10 +2934,10 @@ axe-core@^4.0.2:
   resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.1.3.tgz#64a4c85509e0991f5168340edc4bedd1ceea6966"
   integrity sha512-vwPpH4Aj4122EW38mxO/fxhGKtwWTMLDIJfZ1He0Edbtjcfna/R3YB67yVhezUMzqc3Jr3+Ii50KRntlENL4xQ==
 
-axios@^0.21.2:
-  version "0.21.2"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.2.tgz#21297d5084b2aeeb422f5d38e7be4fbb82239017"
-  integrity sha512-87otirqUw3e8CzHTMO+/9kh/FSgXt/eVDvipijwDtEuwbkySWZ9SBm6VEubmJ/kLKEoLQV/POhxXFb66bfekfg==
+axios@^0.21.3:
+  version "0.21.4"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
+  integrity "sha1-xnuQ3AVo5cHPKwuFjEO6KOLtpXU= sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg=="
   dependencies:
     follow-redirects "^1.14.0"
 
@@ -6772,7 +6772,12 @@ json-schema-traverse@^1.0.0:
 json-schema@0.2.3:
   version "0.2.3"
   resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
-  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
+  integrity sha512-a3xHnILGMtk+hDOqNwHzF6e2fNbiMrXZvxKQiEv2MlgQP+pjIOzqAmKYD2mDpXYE/44M7g+n9p2bKkYWDUcXCQ==
+
+json-schema@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5"
+  integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==
 
 json-stable-stringify-without-jsonify@^1.0.1:
   version "1.0.1"