apolloconfig/apollo

Upgrade vendor libraries to avoid potential security issues

Open

#4016 opened on Oct 7, 2021

View on GitHub
 (11 comments) (0 reactions) (0 assignees)Java (29,769 stars) (10,177 forks)batch import
help wanted

Description

Is your feature request related to a problem? Please describe. The vendor libraries used in apollo are out-dated(Bootstrap v3.3.5, jQuery 2.2.4, AngularJS v1.5.1, etc), which means potential security issues, e.g. https://snyk.io/test/npm/bootstrap/3.3.5

Describe the solution you'd like Upgrade the vendor libraries to recent versions

Contributor guide

Tech stack
javascriptangularjava
Domain
frontend
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
JavaScriptAngularJSdependency management
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
60
Research direction
Investigate the current vendor libraries (likely in a 'vendor' directory or package.json). Check for known vulnerabilities using Snyk or similar tools. Update each library to the latest version while ensuring compatibility with existing code. Test the UI thoroughly after changes, as breaking changes may require code adjustments.