fbaligand / kibana-enhanced-table

Kibana visualization like a Data Table, but with enhanced features like computed columns, filter bar, and “Split Cols” bucket
Apache License 2.0

Vulnerable version of Angular js is used by library #341

Open navalamol opened 7 months ago

navalamol commented 7 months ago

image

fbaligand commented 7 months ago

Hi @navalamol,

Thanks for the report. Well, the problem is that AngularJS 1.8.3 is the very last version of AngularJS. There is no fix since version 1.8.3. So I can't update the package to a version that is not vulnerable.

navalamol commented 7 months ago

That's true, but can we move the library to a stable and vulnerability-free Angular version (Angular/core) (https://security.snyk.io/package/npm/@angular%2Fcore)?

Recently it has been reported with a High vulnerability as well. https://security.snyk.io/package/npm/angular/1.8.3

Thanks

fbaligand commented 7 months ago

Well, AngularJS 1.x and Angular core are not really the same framework. When Angular 2 was released, it was a complete rewrite that required the user application to be rewritten as well. Since then, the numerous major releases have added more and more breaking changes. So it would be a very big job to migrate from AngularJS 1 to the latest version of the Angular framework.

I think that the day I remove AngularJS, I will migrate to ReactJS, which is the framework used by Kibana itself today.

camreedOCI commented 4 weeks ago

@fbaligand Any thoughts on when this migration to ReactJS would occur?