From da91a646ef661f23c69996ee0aeec939dab06216 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:37:22 +0000 Subject: [PATCH 1/3] build(deps): bump js-yaml from 4.2.0 to 5.2.0 in /storm-webapp Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.2.0 to 5.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.2.0...5.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- storm-webapp/package-lock.json | 10 +++++----- storm-webapp/package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/storm-webapp/package-lock.json b/storm-webapp/package-lock.json index 05cc6b2679..9777b69b58 100644 --- a/storm-webapp/package-lock.json +++ b/storm-webapp/package-lock.json @@ -20,7 +20,7 @@ "jquery": "4.0.0", "jquery-blockui": "2.7.0", "js-cookie": "3.0.8", - "js-yaml": "4.2.0", + "js-yaml": "5.2.0", "moment": "2.30.1", "mustache": "4.2.0", "typeahead.js": "0.11.1", @@ -3123,9 +3123,9 @@ "license": "MIT" }, "node_modules/js-yaml": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.2.0.tgz", - "integrity": "sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-5.2.0.tgz", + "integrity": "sha512-YeLUMlvR4Ou1B119LIaM0r65JvbOBooJDc9yEu0dClb/uSC5P4FrLU8OCCz/HXWvtPoIrR0dRzABTjo1sTN9Bw==", "funding": [ { "type": "github", @@ -3141,7 +3141,7 @@ "argparse": "^2.0.1" }, "bin": { - "js-yaml": "bin/js-yaml.js" + "js-yaml": "bin/js-yaml.mjs" } }, "node_modules/jsbn": { diff --git a/storm-webapp/package.json b/storm-webapp/package.json index 1af031636b..3765ad54e3 100644 --- a/storm-webapp/package.json +++ b/storm-webapp/package.json @@ -24,7 +24,7 @@ "jquery": "4.0.0", "jquery-blockui": "2.7.0", "js-cookie": "3.0.8", - "js-yaml": "4.2.0", + "js-yaml": "5.2.0", "moment": "2.30.1", "mustache": "4.2.0", "typeahead.js": "0.11.1", From 2947b4d4a5ee44a5be66f642f0c9333eaeb749e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 14:41:37 +0200 Subject: [PATCH 2/3] build(deps): bump netty-tcnative.version (#8821) Bumps `netty-tcnative.version` from 2.0.77.Final to 2.0.80.Final. Updates `io.netty:netty-tcnative` from 2.0.77.Final to 2.0.80.Final - [Release notes](https://github.com/netty/netty-tcnative/releases) - [Commits](https://github.com/netty/netty-tcnative/compare/netty-tcnative-parent-2.0.77.Final...netty-tcnative-parent-2.0.80.Final) Updates `io.netty:netty-tcnative-boringssl-static` from 2.0.77.Final to 2.0.80.Final - [Release notes](https://github.com/netty/netty-tcnative/releases) - [Commits](https://github.com/netty/netty-tcnative/compare/netty-tcnative-parent-2.0.77.Final...netty-tcnative-parent-2.0.80.Final) --- updated-dependencies: - dependency-name: io.netty:netty-tcnative dependency-version: 2.0.80.Final dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.netty:netty-tcnative-boringssl-static dependency-version: 2.0.80.Final dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 452d45f72e..a1c1eaea68 100644 --- a/pom.xml +++ b/pom.xml @@ -100,7 +100,7 @@ 1.5.3 33.6.0-jre 1.1.1 - 2.0.77.Final + 2.0.80.Final 4.2.15.Final 1.0.2 2.26.0 From e2aba7e4c7422e4af9fe3367038964d3d22a26a0 Mon Sep 17 00:00:00 2001 From: Richard Zowalla Date: Wed, 1 Jul 2026 15:41:54 +0200 Subject: [PATCH 3/3] fix(webapp): guard Flux viewer against js-yaml 5.x empty-input throw js-yaml 5.x changed load('') to throw a YAMLException ('expected a document, but the input is empty') instead of returning undefined (see js-yaml migrate_v4_to_v5). The Flux Topology Viewer calls parseAndRender() on page load while the textarea holds only a comment (# YAML Definition), so jsyaml.load() now throws before the existing if(doc==null) guard, surfacing as an uncaught exception that fails the cypress-e2e suite (flux-page.cy.js). Wrap the load in try/catch and treat empty/comment-only or malformed input as 'no document'. Also broaden cypress-tests.yml to run on 2.x so this class of webapp regression is exercised there too (2.x already shipped js-yaml 5.2.0 and carries the same latent bug). --- .github/workflows/cypress-tests.yml | 4 ++-- .../java/org/apache/storm/daemon/ui/WEB-INF/flux.html | 9 ++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cypress-tests.yml b/.github/workflows/cypress-tests.yml index fc2c6007ea..50b71368c7 100644 --- a/.github/workflows/cypress-tests.yml +++ b/.github/workflows/cypress-tests.yml @@ -17,11 +17,11 @@ name: Cypress E2E Tests on: push: - branches: [ "master" ] + branches: [ "master", "2.x" ] paths: - 'storm-webapp/**' pull_request: - branches: [ "master" ] + branches: [ "master", "2.x" ] paths: - 'storm-webapp/**' workflow_dispatch: diff --git a/storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/flux.html b/storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/flux.html index ad676c17a7..9d86999213 100644 --- a/storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/flux.html +++ b/storm-webapp/src/main/java/org/apache/storm/daemon/ui/WEB-INF/flux.html @@ -70,7 +70,14 @@ function parseAndRender() { var input = document.getElementById('taInput').value; - var doc = jsyaml.load(input); + var doc; + try { + doc = jsyaml.load(input); + } catch (e) { + // js-yaml >=5 throws on empty/comment-only input instead of + // returning undefined (see migrate_v4_to_v5); treat as no document. + return; + } if(doc==null){ return; }