From bad1be7269688986651cdeffc6d93515b84ca9fc Mon Sep 17 00:00:00 2001
From: Chethan UK <chethan.umesha@tessian.com>
Date: Sat, 4 Jun 2022 23:59:39 +0100
Subject: [PATCH] Airflow UI fix vulnerabilities - Prototype Pollution

---
 airflow/ui/package.json |  5 +++--
 airflow/ui/yarn.lock    | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/airflow/ui/package.json b/airflow/ui/package.json
index 046cc6700f6f5e..c9eb4f7de23159 100644
--- a/airflow/ui/package.json
+++ b/airflow/ui/package.json
@@ -14,7 +14,7 @@
     "@emotion/styled": "^11.1.5",
     "@neutrinojs/copy": "^9.5.0",
     "@vvo/tzdb": "^6.7.0",
-    "axios": "^0.21.2",
+    "axios": "^0.21.3",
     "dayjs": "^1.10.4",
     "dotenv": "^8.2.0",
     "framer-motion": "^3.10.0",
@@ -27,7 +27,8 @@
     "react-router-dom": "^5.2.0",
     "react-select": "^4.3.0",
     "react-table": "^7.7.0",
-    "use-react-router": "^1.0.7"
+    "use-react-router": "^1.0.7",
+    "json-schema": "^0.4.0"
   },
   "devDependencies": {
     "@neutrinojs/eslint": "^9.5.0",
diff --git a/airflow/ui/yarn.lock b/airflow/ui/yarn.lock
index d95ae3d8244d2d..be4697bccd040f 100644
--- a/airflow/ui/yarn.lock
+++ b/airflow/ui/yarn.lock
@@ -2934,10 +2934,10 @@ axe-core@^4.0.2:
   resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.1.3.tgz#64a4c85509e0991f5168340edc4bedd1ceea6966"
   integrity sha512-vwPpH4Aj4122EW38mxO/fxhGKtwWTMLDIJfZ1He0Edbtjcfna/R3YB67yVhezUMzqc3Jr3+Ii50KRntlENL4xQ==
 
-axios@^0.21.2:
-  version "0.21.2"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.2.tgz#21297d5084b2aeeb422f5d38e7be4fbb82239017"
-  integrity sha512-87otirqUw3e8CzHTMO+/9kh/FSgXt/eVDvipijwDtEuwbkySWZ9SBm6VEubmJ/kLKEoLQV/POhxXFb66bfekfg==
+axios@^0.21.3:
+  version "0.21.4"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575"
+  integrity "sha1-xnuQ3AVo5cHPKwuFjEO6KOLtpXU= sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg=="
   dependencies:
     follow-redirects "^1.14.0"
 
@@ -6772,7 +6772,12 @@ json-schema-traverse@^1.0.0:
 json-schema@0.2.3:
   version "0.2.3"
   resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.2.3.tgz#b480c892e59a2f05954ce727bd3f2a4e882f9e13"
-  integrity sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=
+  integrity sha512-a3xHnILGMtk+hDOqNwHzF6e2fNbiMrXZvxKQiEv2MlgQP+pjIOzqAmKYD2mDpXYE/44M7g+n9p2bKkYWDUcXCQ==
+
+json-schema@^0.4.0:
+  version "0.4.0"
+  resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5"
+  integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==
 
 json-stable-stringify-without-jsonify@^1.0.1:
   version "1.0.1"