Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerable version of Angular js is used by library #341

Open
navalamol opened this issue Feb 8, 2024 · 4 comments
Open

Vulnerable version of Angular js is used by library #341

navalamol opened this issue Feb 8, 2024 · 4 comments

Comments

@navalamol
Copy link

image

@fbaligand
Copy link
Owner

Hi @navalamol,

Thanks for the report.
Well, the problem is that AngularJS 1.8.3 is the very last version of AngularJS.
There is no fix since version 1.8.3.
So I can't update the package to a version that is not vulnerable.

@navalamol
Copy link
Author

navalamol commented Feb 12, 2024

That's true but can we move the library to a stable & vulnerable free Angular version (Angular/core) (https://security.snyk.io/package/npm/@angular%2Fcore).

Recently it has been reported with High vulnerability as well.
https://security.snyk.io/package/npm/angular/1.8.3

Thanks

@fbaligand
Copy link
Owner

Well, AngularJS 1.x and Angular core are not really the same framework.
When Angular 2 has been released, it was a complete rewrite, that needs the user application to be also rewritten. Since then, the numerous major releases added more and more breaking changes.
So it would be a very big work to migrate from AngularJS 1 to latest version of Angular framework.

I think that the day where I will remove AngularJS, I will migrate to ReactJS, that is the framework used by Kibana itself today.

@camreedOCI
Copy link

@fbaligand Any thoughts on when this migration to ReactJS would occur?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants