chore: fixed vulnerabilities #21

Open
contentstackMridul wants to merge 2 commits into main from vul_fix_12_02_2026

contentstackMridul commented Feb 15, 2026

Security: Fixed vulnerabilities in dependencies

This PR includes two commits that address security vulnerabilities:

Commit 1: 61cd253 - Lockfile updates

  • Updated package-lock.json to remediate vulnerabilities
  • Bumped resolved versions:
    • axios 1.12.2 → 1.13.5 (fixes CVE-2026-25639: DoS via __proto__ in mergeConfig)
    • follow-redirects 1.15.9 → 1.15.11 (fixes CVE-2024-28849: credential leak)
    • form-data 4.0.4 → 4.0.5
    • lodash 4.17.21 → 4.17.23 (fixes CVE-2025-13465: prototype pollution)
    • qs 6.14.1 → 6.14.2 (fixes CVE-2025-15284: arrayLimit bypass DoS)

Commit 2: 3d8edff - Manifest hardening

  • Updated package.json minimum versions to enforce secure floors:
    • axios ^1.12.0 → ^1.13.5
    • lodash ^4.17.21 → ^4.17.23 (dev dependency)
  • Ensures future installs resolve from patched versions

Validation

  • ✅ All tests pass (44/44)
  • ✅ Lint checks pass
  • npm audit reports 0 vulnerabilities

contentstackMridul requested a review from a team as a code owner February 15, 2026 17:47
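
A manifest floor in package.json only constrains direct dependencies, so a nested copy of a transitive package can stay on an older version in the lockfile. The check below is an added example, not part of this PR or the project's code: it walks the `packages` map of an npm lockfile (v2/v3 layout) and reports every installed copy below the patched versions listed in the description. The sample lockfile and the `example-app` and `example-dep` names are constructed.

```javascript
// Patched versions ("floors") as listed in the PR description above.
const FLOORS = {
  axios: "1.13.5",
  "follow-redirects": "1.15.11",
  "form-data": "4.0.5",
  lodash: "4.17.23",
  qs: "6.14.2",
};

// Compare MAJOR.MINOR.PATCH numerically; prerelease/build suffixes are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the lockfile "packages" map, including nested copies such as
// node_modules/a/node_modules/qs, and report every copy below its floor.
function findBelowFloor(lock, floors = FLOORS) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // root entry "" or linked package
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (!Object.hasOwn(floors, name)) continue; // own keys only, no prototype lookups
    const floor = floors[name];
    if (cmpVersion(meta.version, floor) < 0) findings.push({ name, path, version: meta.version, floor });
  }
  return findings;
}

// Constructed sample lockfile: top-level copies are patched, one nested qs copy is stale.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.5" },
    "node_modules/lodash": { version: "4.17.23" },
    "node_modules/qs": { version: "6.14.2" },
    "node_modules/example-dep/node_modules/qs": { version: "6.14.1" },
  },
};

console.log(findBelowFloor(SAMPLE_LOCK));
```

Run against a real `package-lock.json` by passing the parsed file to `findBelowFloor`; an empty array means no installed copy is below the listed floors.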