Fix/issue 266 security updates #269

Open
Om7035 wants to merge 5 commits into QuoteVote:main from Om7035:fix/issue-266-security-updates
Om7035 (Collaborator) commented Nov 20, 2025

Description

This PR addresses Issue #266 by updating multiple outdated dependencies in both the client and server applications to fix known security vulnerabilities.

Changes

Client (client/package.json)

  • Updated axios to ^1.7.7 (Fixes known vulnerabilities in 0.21.1)
  • Updated lodash to ^4.17.21 (Fixes prototype pollution)
  • Updated moment to ^2.30.1 (Latest version)

Server (server/package.json)

  • Updated mongoose from ^5.9.13 to ^6.12.0 (Major version update for security and features)
  • Updated axios to ^1.7.7
  • Updated lodash to ^4.17.21
  • Removed request dependency (Deprecated and unused in codebase)

Code Changes

  • server/app/server.js: Removed deprecated Mongoose connection options (useNewUrlParser, useUnifiedTopology, etc.) which are no longer needed/supported in Mongoose 6+.

Testing

  • Verified npm install completes successfully in both client and server.
  • Server starts successfully with Mongoose 6.
  • Client builds successfully.

Checklist

  • Updated client/package.json
  • Updated server/package.json
  • Updated server/app/server.js for Mongoose 6 compatibility
  • Removed unused/deprecated dependencies
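
A reviewer can confirm the version floors listed in the description with a small manifest check. This is an added example, not code from the pull request or the QuoteVote repository; the function names and the sample manifests are constructed (only the `^5.9.13` mongoose range and the target versions come from the description).

```javascript
// Minimum versions named in the PR description, per app.
const FLOORS = {
  client: { axios: "1.7.7", lodash: "4.17.21", moment: "2.30.1" },
  server: { mongoose: "6.12.0", axios: "1.7.7", lodash: "4.17.21" },
};
const REMOVED = { server: ["request"] }; // packages the PR removes outright

// Lowest version a simple range (x.y.z with optional ^, ~, >=, = or v) can
// resolve to. Anything else (tags, URLs, "*", compound ranges) returns null
// so that it is reported for manual review instead of silently passing.
function rangeFloor(range) {
  const m = /^\s*(?:\^|~|>=|=|v)?\s*(\d+)\.(\d+)\.(\d+)\s*$/.exec(String(range));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Checks declared ranges only; the lockfile decides what is actually installed.
function auditManifest(app, manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const [name, min] of Object.entries(FLOORS[app] || {})) {
    if (!(name in deps)) continue; // package not declared by this app
    const floor = rangeFloor(deps[name]);
    if (floor === null) {
      findings.push(`${name}: cannot evaluate range "${deps[name]}"`);
    } else if (compareVersions(floor, rangeFloor(min)) < 0) {
      findings.push(`${name}: "${deps[name]}" allows versions below ${min}`);
    }
  }
  for (const name of REMOVED[app] || []) {
    if (name in deps) findings.push(`${name}: still declared, PR removes it`);
  }
  return findings;
}

// Constructed sample manifests (only mongoose ^5.9.13 is quoted from the PR).
const SERVER_BEFORE = { dependencies: {
  mongoose: "^5.9.13", axios: "^0.21.1", lodash: "^4.17.15", request: "^2.88.2" } };
const SERVER_AFTER = { dependencies: {
  mongoose: "^6.12.0", axios: "^1.7.7", lodash: "^4.17.21" } };
console.log(auditManifest("server", SERVER_BEFORE));
console.log(auditManifest("server", SERVER_AFTER));
```

A clean result here only means the declared ranges meet the floors; `npm ls` or the lockfile shows which versions were actually resolved.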

…e#246)

- Created Netlify Edge Function to intercept /post/* routes
- Edge Function fetches quote data from GraphQL API and injects dynamic OG tags
- Added fallback OG image (og-default.jpg) for quotes without images
- Updated index.html with improved default metadata
- Configured netlify.toml to route /post/* through Edge Function

This ensures social media scrapers (iMessage, Slack, Discord, Facebook) see
quote-specific metadata instead of generic site information.
This fixes the 'Connection refused' error on frontend-only PRs where no corresponding Railway backend exists. The preview will now default to the production API.
- Use creator avatar for og:image instead of post URL
- Add proper GraphQL error handling in Edge Function

netlify Bot commented Nov 20, 2025

Deploy Preview for quotevote ready!

Name Link
🔨 Latest commit 6669474
🔍 Latest deploy log https://app.netlify.com/projects/quotevote/deploys/69220c75fd5b330008aff4f0
😎 Deploy Preview https://deploy-preview-269--quotevote.netlify.app

flyblackbox (Contributor) commented

Can we merge this one?

@motirebuma / @olivermolina
