We are using Redash 7 and we have a requirement to upgrade the angular js version from 1.5.8 to 1.7.8, since current version of angular js is found vulnerable in testing. Could you please help us on this topic. Could you please confirm if the application is exploiting vulnerability in v1.5.8
AngularJS Issue #11352 : https://github.com/angular/angular.js/issues/11352
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The $http function within Angular does not perform any security checks using $sce.RESOURCE_URL on the URLs that it receives. This could be leveraged by an attacker to conduct XSS attacks through JSONP callbacks.
AngularJS Issue #16288 : https://github.com/angular/angular.js/issues/16288
AngularJS Issue #11328: https://github.com/angular/angular.js/issues/11328
Thanks and Regards