Skip to content

fix(deps): resolve npm audit vulnerabilities (10 → 2)#6

Closed
gauthamp10 wants to merge 1 commit into
mainfrom
feature/secfixes
Closed

fix(deps): resolve npm audit vulnerabilities (10 → 2)#6
gauthamp10 wants to merge 1 commit into
mainfrom
feature/secfixes

Conversation

@gauthamp10

Copy link
Copy Markdown
Owner
  • Upgrade eslint-plugin-react-hooks ^7.0.1 → ^7.1.0 (adds eslint ^10 support)
  • npm audit fix: patch lodash, picomatch, postcss, react-router, undici, brace-expansion, @babel/core, and 30+ transitive dependencies
  • Remaining 2 vulns are esbuild/vite dev-server only (requires vite 5→8 major upgrade); zero production impact since nginx serves static files

- Upgrade eslint-plugin-react-hooks ^7.0.1 → ^7.1.0 (adds eslint ^10 support)
- npm audit fix: patch lodash, picomatch, postcss, react-router, undici,
  brace-expansion, @babel/core, and 30+ transitive dependencies
- Remaining 2 vulns are esbuild/vite dev-server only (requires vite 5→8
  major upgrade); zero production impact since nginx serves static files
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

@gauthamp10 gauthamp10 closed this Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant