Open navalamol opened 7 months ago
Hi @navalamol,
Thanks for the report. Well, the problem is that AngularJS 1.8.3 is the very last version of AngularJS. There is no fix since version 1.8.3. So I can't update the package to a version that is not vulnerable.
That's true but can we move the library to a stable & vulnerable free Angular version (Angular/core) (https://security.snyk.io/package/npm/@angular%2Fcore).
Recently it has been reported with High vulnerability as well. https://security.snyk.io/package/npm/angular/1.8.3
Thanks
Well, AngularJS 1.x and Angular core are not really the same framework. When Angular 2 has been released, it was a complete rewrite, that needs the user application to be also rewritten. Since then, the numerous major releases added more and more breaking changes. So it would be a very big work to migrate from AngularJS 1 to latest version of Angular framework.
I think that the day where I will remove AngularJS, I will migrate to ReactJS, that is the framework used by Kibana itself today.
@fbaligand Any thoughts on when this migration to ReactJS would occur?