Security fix: Update peer dependencies with known vulnerabilities #1149
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit 869dbd6.
achowdhry-ripple
changed the title
achowdhry-ripple
changed the title
Patel-Raj
approved these changes
Apr 1, 2025
ckeshava
approved these changes
Apr 2, 2025
mvadari
pushed a commit
that referenced
this pull request
Apr 7, 2025
) <!-- Please include a summary/list of the changes. If too broad, please consider splitting into multiple PRs. --> reduces audit vulnerabilities number from 57 to 33. ran audit, manually upgraded cross-spawn, shell-quote, babel/traverse peer dependencies for security fixes: https://nvd.nist.gov/vuln/detail/CVE-2021-42740 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2023-45133 <!-- Please include the context of a change. If a bug fix, when was the bug introduced? What was the behavior? If a new feature, why was this architecture chosen? What were the alternatives? If a refactor, how is this better than the previous implementation? If there is a design document for this feature, please link it here. --> <!-- Please check relevant options, delete irrelevant ones. --> - [x] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [x] Refactor (non-breaking change that only restructures code) - [ ] Tests (You added tests for code that already exists, or your new feature included in this PR) - [ ] Documentation Updates - [ ] Translation Updates - [ ] Release <!-- In an effort to modernize the codebase, you should convert the files that you work with to React Hooks and TypeScript. If this is not possible (e.g. it's too many changes, touching too many files, etc.) please explain why here. --> - [ ] Updated files to React Hooks - [ ] Updated files to TypeScript <!-- If just refactoring / back-end changes, this can be just an in-English description of the change at a technical level. If a UI change, screenshots should be included. --> <!-- Please describe the tests that you ran to verify your changes and provide instructions so that others can reproduce. --> <!-- For future tasks related to PR. --> --------- Co-authored-by: Chenna Keshava B S <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
High Level Overview of Change
reduces audit vulnerabilities number from 57 to 33.
ran audit, manually upgraded cross-spawn, shell-quote, babel/traverse peer dependencies for security fixes:
https://nvd.nist.gov/vuln/detail/CVE-2021-42740
https://nvd.nist.gov/vuln/detail/CVE-2024-21538
https://nvd.nist.gov/vuln/detail/CVE-2023-45133
Context of Change
Type of Change
TypeScript/Hooks Update
Before / After
Test Plan