[+] bump webui/react-scripts to v5.0.1 (pinned version) #866

Merged
pashagolub merged 1 commit into master from bump-react-scripts
Jul 25, 2025

@pashagolub
Collaborator

Add comprehensive resolutions in package.json to force secure versions of all vulnerable dependencies:

  • form-data: ^4.0.0 (fixes the critical vulnerability)
  • postcss: ^8.4.31 (fixes moderate vulnerabilities)
  • serialize-javascript: ^6.0.2 (fixes XSS vulnerabilities)
  • webpack-dev-server: ^5.2.1 (fixes moderate vulnerabilities)
  • brace-expansion: ^2.0.2 (fixes low-severity ReDoS vulnerabilities)
  • path-to-regexp: ^0.1.12 (fixes high-severity ReDoS vulnerability)
  • cookie: ^0.7.0 (fixes low-severity cookie handling vulnerability)
  • on-headers: ^1.1.0 (fixes low-severity header manipulation vulnerability)

@pashagolub pashagolub self-assigned this Jul 25, 2025
@pashagolub pashagolub added the dependencies and javascript labels Jul 25, 2025
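
A check a reviewer could run after a change like the one described above, as an added example that is not code from this pull request: it confirms that every locked copy of the listed packages actually falls inside the forced range. It assumes the web UI is installed with Yarn classic and has a v1 `yarn.lock` (the page does not show the lockfile); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not code from the pull request. Ranges copied from the PR description.
const RANGES = {
  'form-data': '^4.0.0', 'postcss': '^8.4.31', 'serialize-javascript': '^6.0.2',
  'webpack-dev-server': '^5.2.1', 'brace-expansion': '^2.0.2',
  'path-to-regexp': '^0.1.12', 'cookie': '^0.7.0', 'on-headers': '^1.1.0',
};
// Caret semantics: everything up to the leftmost non-zero component must match
// exactly, so ^0.1.12 means >=0.1.12 <0.2.0, not "any 0.x at or above 0.1.12".
function satisfiesCaret(version, range) {
  if (!/^\d+\.\d+\.\d+$/.test(version)) return false; // prerelease or odd tag: flag it
  const v = version.split('.').map(Number);
  const r = range.slice(1).split('.').map(Number);
  const nz = r.findIndex((n) => n !== 0);
  const lock = nz === -1 ? 2 : nz; // index of the component that must match exactly
  for (let i = 0; i < 3; i++) {
    if (v[i] !== r[i]) return i > lock && v[i] > r[i];
  }
  return true;
}
// Assumed input format: Yarn classic (v1) yarn.lock. Returns [{ name, version }].
function lockedVersions(lockText) {
  const found = [];
  let name = null;
  for (const line of lockText.split('\n')) {
    if (/^[^\s#].*:$/.test(line)) { // entry header, e.g. "a@^1.0.0", a@^1.2.0:
      const spec = line.split(',')[0].replace(/[":]/g, '').trim();
      name = spec.slice(0, spec.lastIndexOf('@')); // lastIndexOf keeps @scope/name intact
    } else {
      const m = /^ {2}version "([^"]+)"/.exec(line);
      if (m && name) found.push({ name, version: m[1] });
    }
  }
  return found;
}
// Every locked copy of a listed package that falls outside its forced range.
function violations(lockText, ranges = RANGES) {
  return lockedVersions(lockText)
    .filter((p) => Object.hasOwn(ranges, p.name) && !satisfiesCaret(p.version, ranges[p.name]))
    .map((p) => `${p.name}@${p.version} is outside ${ranges[p.name]}`);
}
// Constructed sample lockfile (hypothetical versions, not taken from the project).
const SAMPLE_LOCK = ['# yarn lockfile v1', '',
  '"form-data@^3.0.0", form-data@^4.0.0:', '  version "4.0.4"', '',
  'postcss@^7.0.35:', '  version "7.0.39"', '',
  'path-to-regexp@0.1.10:', '  version "0.1.10"', '',
  'cookie@0.7.1:', '  version "0.7.1"', '',
].join('\n');
console.log(violations(SAMPLE_LOCK));
```

On the constructed sample it reports the `postcss` and `path-to-regexp` entries, which are the two copies a resolution would still have to override.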
@coveralls

Pull Request Test Coverage Report for Build 16519383830

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 63.901%

Totals Coverage Status
Change from base Build 16518897025: 0.0%
Covered Lines: 3181
Relevant Lines: 4978

💛 - Coveralls

@pashagolub pashagolub merged commit da626a2 into master Jul 25, 2025
9 checks passed
@pashagolub pashagolub deleted the bump-react-scripts branch July 25, 2025 10:16