Skip to content

RC-154 fix security found by dependabot #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nttg8100 merged 4 commits into from
Jan 9, 2026
Merged

RC-154 fix security found by dependabot #93

nttg8100 merged 4 commits into from
Jan 9, 2026

Conversation

@nttg8100
Copy link
Member

@nttg8100 nttg8100 commented Jan 9, 2026

This pull request updates the frontend/package.json dependencies to improve compatibility, add new features, and address potential security or stability concerns. The most important changes include upgrading existing packages and adding new ones related to code parsing, YAML support, and syntax highlighting.

Dependency upgrades:

  • Updated axios from version ^1.7.7 to ^1.13.2 to ensure the latest features and bug fixes.
  • Updated react-router-dom from version ^6.26.2 to ^7.12.0 for improved routing capabilities and compatibility with React 18.

New dependencies added:

  • Added @babel/runtime to support Babel-transpiled code and polyfills.
  • Added brace-expansion for handling shell-style brace expansion in file paths.
  • Added js-yaml for parsing and serializing YAML files.
  • Added prismjs for syntax highlighting of code blocks.

nttg8100 and others added 2 commits January 10, 2026 00:12
@nttg8100
RC-153 chore improve security (#90)
e88b27b 
* feat: handle server disconnect

* fix: add github token to encrypt

* feat: remove credentails from params in celery

* feat: increase max_length token

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@nttg8100
chore: update dependencies to solve security by legacy npm
b9ed9fa
@nttg8100 nttg8100 requested a review from Copilot January 9, 2026 17:21
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses security vulnerabilities identified by Dependabot by updating dependencies in the frontend package.json. The changes include critical package upgrades and the addition of several new dependencies to support enhanced functionality.

Changes:

  • Upgraded axios and react-router-dom to address security concerns
  • Added new dependencies for runtime support, YAML parsing, and syntax highlighting
Files not reviewed (1)
  • frontend/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@nttg8100 nttg8100 merged commit 4c8b9a8 into main Jan 9, 2026
3 checks passed
@nttg8100 nttg8100 deleted the RC-154-fix-security-found-by-dependabot branch January 9, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nttg8100