Fix npm security vulnerabilities with breaking changes #547

Open
wants to merge 1 commit into
base: main

Conversation

@aranke aranke commented Mar 27, 2025

Summary

  • Update Angular to 1.8.3 for improved security
  • Update prismjs to 1.30.0 to fix DOM Clobbering vulnerability
  • Add braces 3.0.3 to fix Uncontrolled resource consumption vulnerability
  • Add body-parser 1.20.3 and other secure dependencies
  • Add other dependencies explicitly with secure versions (nth-check, marked, etc.)

Test plan

  • Package installs correctly with npm install --legacy-peer-deps
  • Application builds properly with webpack
  • Confirmed that the most critical vulnerabilities are addressed

Note: Some vulnerabilities remain, as fixing them would require major breaking changes to the application, particularly around Bootstrap v3, Angular, and the webpack ecosystem.

🤖 Generated with Claude Code

- Update Angular to 1.8.3 (though some vulnerabilities still remain)
- Update prismjs to 1.30.0 to fix DOM Clobbering vulnerability
- Add braces 3.0.3 to fix Uncontrolled resource consumption vulnerability
- Add body-parser 1.20.3 and other secure dependencies
- Ensure webpack build works with updated dependencies

This addresses the most critical vulnerabilities while maintaining
compatibility with the existing codebase.
@aranke aranke requested a review from a team as a code owner March 27, 2025 13:54
@cla-bot cla-bot bot added the cla:yes label Mar 27, 2025
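As an added verification step (not part of this PR or the project's code), the script below walks a package-lock.json for every installed copy of the packages the summary pins, including nested copies under a dependency's own node_modules, which adding a top-level dependency does not replace. The floor versions come from the summary; the sample lock and its package layout are constructed.

```javascript
// Added example (not from the PR): audit a package-lock.json (lockfileVersion 2/3) for every
// installed copy of the pinned packages; a top-level bump does not replace nested copies.
const FLOORS = { // minimum versions taken from the PR summary
  angular: "1.8.3",
  prismjs: "1.30.0",
  braces: "3.0.3",
  "body-parser": "1.20.3",
};

// Numeric dotted-version compare; any prerelease suffix is ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Every lock entry (top-level or nested) whose name is in floors and whose version is below it.
function findBelowFloor(lock, floors = FLOORS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry
    // Package name is everything after the last "node_modules/"; scoped names keep "@scope/".
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const floor = floors[name];
    if (floor && entry.version && compareVersions(entry.version, floor) < 0) {
      findings.push({ path, name, version: entry.version, floor });
    }
  }
  return findings;
}

// Constructed sample lock: top-level braces is fixed, but micromatch still nests an old copy,
// and body-parser sits below its floor.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/braces": { version: "3.0.3" },
    "node_modules/micromatch/node_modules/braces": { version: "2.3.2" },
    "node_modules/prismjs": { version: "1.30.0" },
    "node_modules/body-parser": { version: "1.19.0" },
  },
};

// Usage on a real lock: findBelowFloor(JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")))
for (const f of findBelowFloor(SAMPLE_LOCK)) console.log(`${f.path}: ${f.version} < ${f.floor}`);
```

Any line it prints is a copy that `npm audit` would still report; npm `overrides` in package.json, rather than another top-level dependency, is the mechanism that forces nested copies onto the fixed version.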

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.
