[Snyk] Fix for 2 vulnerabilities (#19825)

* fix: openmetadata-ui/src/main/resources/ui/package.json & openmetadata-ui/src/main/resources/ui/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585 - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-8722251 * fix the sonar issue --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: Ashish Gupta <ashish@getcollate.io>
2025-12-05 03:54:23 +00:00 · 2025-03-05 16:25:36 +05:30 · 2025-03-05 16:25:36 +05:30 · 1d65c9e656
commit 1d65c9e656
parent d805ec9590
3 changed files with 14 additions and 10 deletions
--- a/openmetadata-ui/src/main/resources/ui/package.json
+++ b/openmetadata-ui/src/main/resources/ui/package.json
@ -52,7 +52,7 @@
    "@fontsource/source-code-pro": "^5.0.0",
    "@github/g-emoji-element": "^1.1.5",
    "@inovua/reactdatagrid-community": "^5.10.2",
-    "@okta/okta-auth-js": "^7.5.0",
+    "@okta/okta-auth-js": "^7.8.1",
    "@okta/okta-react": "^6.4.3",
    "@rjsf/core": "5.15.0",
    "@rjsf/utils": "5.15.0",
--- a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AuthProviders/OktaAuthProvider.tsx
@ -34,7 +34,7 @@ export const OktaAuthProvider: FunctionComponent<Props> = ({
 }: Props) => {
  const { authConfig } = useApplicationStore();
  const { clientId, issuer, redirectUri, scopes, pkce } =
-    authConfig as OktaAuthOptions;
+    authConfig as unknown as OktaAuthOptions;

  const oktaAuth = useMemo(
    () =>
--- a/openmetadata-ui/src/main/resources/ui/yarn.lock
+++ b/openmetadata-ui/src/main/resources/ui/yarn.lock
@ -2910,10 +2910,10 @@
    "@nodelib/fs.scandir" "2.1.5"
    fastq "^1.6.0"

-"@okta/okta-auth-js@^7.5.0":
-  version "7.5.0"
-  resolved "https://registry.yarnpkg.com/@okta/okta-auth-js/-/okta-auth-js-7.5.0.tgz#7cb3816058afdb6e8e12b4e9c232006a2b6c7b95"
-  integrity sha512-1pPC8xCJ9JuxSI53XJMZuqNtYLJxrgHC1zFLzI+C3STbm75GVl1e5yxBDTFBkEnU+Il6PWX7AQpok74w/XFWfA==
+"@okta/okta-auth-js@^7.8.1":
+  version "7.10.1"
+  resolved "https://registry.yarnpkg.com/@okta/okta-auth-js/-/okta-auth-js-7.10.1.tgz#d72365ce126bc8a4c92c6620fd52807c17fd13bc"
+  integrity sha512-xCjSlz0G1StNCbSJjyX8e2dq38miW7fprOhaf51QXqPUQMnV1tjwvjRDUF20mtkaRio1ObsnqcKI4xXPA3YYew==
  dependencies:
    "@babel/runtime" "^7.12.5"
    "@peculiar/webcrypto" "^1.4.0"
@ -2921,11 +2921,10 @@
    atob "^2.1.2"
    broadcast-channel "~5.3.0"
    btoa "^1.2.1"
-    core-js "^3.6.5"
+    core-js "^3.39.0"
    cross-fetch "^3.1.5"
    fast-text-encoding "^1.0.6"
    js-cookie "^3.0.1"
-    jsonpath-plus "^6.0.1"
    node-cache "^5.1.2"
    p-cancelable "^2.0.0"
    tiny-emitter "1.1.0"
@ -6473,7 +6472,7 @@ core-js@^2.6.5:
  resolved "https://registry.yarnpkg.com/core-js/-/core-js-2.6.12.tgz#d9333dfa7b065e347cc5682219d6f690859cc2ec"
  integrity sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ==

-core-js@^3.20.3, core-js@^3.6.5:
+core-js@^3.20.3:
  version "3.21.1"
  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.21.1.tgz#f2e0ddc1fc43da6f904706e8e955bc19d06a0d94"
  integrity sha512-FRq5b/VMrWlrmCzwRrpDYNxyHP9BcAZC+xHJaqTgIE5091ZV1NTmyh0sGOg5XqpnHvR0svdy0sv1gWA1zmhxig==
@ -6483,6 +6482,11 @@ core-js@^3.23.5:
  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.38.1.tgz#aa375b79a286a670388a1a363363d53677c0383e"
  integrity sha512-OP35aUorbU3Zvlx7pjsFdu1rGNnD4pgw/CWoYzRY3t2EzoVT7shKHY1dlAy3f41cGIO7ZDPQimhGFTlEYkG/Hw==

+core-js@^3.39.0:
+  version "3.40.0"
+  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.40.0.tgz#2773f6b06877d8eda102fc42f828176437062476"
+  integrity sha512-7vsMc/Lty6AGnn7uFpYT56QesI5D2Y/UkgKounk87OP9Z2H9Z8kj6jzcSGAxFmUtDOS0ntK6lbQz+Nsa0Jj6mQ==
+
 core-js@^3.8.3:
  version "3.16.1"
  resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.16.1.tgz#f4485ce5c9f3c6a7cb18fa80488e08d362097249"
@ -10036,7 +10040,7 @@ jsonify@^0.0.1:
  resolved "https://registry.yarnpkg.com/jsonify/-/jsonify-0.0.1.tgz#2aa3111dae3d34a0f151c63f3a45d995d9420978"
  integrity sha512-2/Ki0GcmuqSrgFyelQq9M05y7PS0mEwuIzrf3f1fPqkVDVRvZrPZtVSMHxdgo8Aq0sxAOb/cr2aqqA3LeWHVPg==

-jsonpath-plus@10.3.0, jsonpath-plus@^6.0.1:
+jsonpath-plus@10.3.0:
  version "10.3.0"
  resolved "https://registry.yarnpkg.com/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz#59e22e4fa2298c68dfcd70659bb47f0cad525238"
  integrity sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==