chore: update dependencies to resolve security vulnerabilities (npm audit fix) #404
Open
Cosm1cBug wants to merge 2 commits into ashutosh1919:master from
Flash screen off
…lity
- Updated several dependencies to their latest compatible versions:
  - react, react-dom (16.14.0)
  - react-scripts (3.4.4)
  - chart.js, node-fetch, gh-pages, react-bootstrap, styled-components, etc.
- Addressed known vulnerabilities reported by npm audit.
- Maintained compatibility with React 16 ecosystem.
- Recommended future upgrade path: React 18 & CRA 5+ for long-term security and support.
Contributor
Pull Request Overview
This PR updates various npm dependencies to address security vulnerabilities identified by npm audit, focusing on maintaining compatibility with the existing React 16-based setup while resolving known security issues.
- Updated core React packages (`react`, `react-dom`) to latest v16 versions
- Upgraded vulnerable packages including `node-fetch`, `gh-pages`, and other dependencies
- Updated development dependencies like `husky` and `lint-staged`
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates dependency versions to resolve security vulnerabilities while maintaining React 16 compatibility |
| src/portfolio.js | Changes splash screen default setting from enabled to disabled |
Author
Please don't mind the splash setting.
Summary
This PR updates several outdated and vulnerable dependencies in the forked repository to address issues reported by `npm audit`.
Changes Made
- `react` and `react-dom` to `16.14.0`
- `react-scripts` to `3.4.4`
- `node-fetch`, `gh-pages`, and `styled-components`
- `package.json` and `package-lock.json` accordingly.
Motivation
Notes
Please let me know if any changes or adjustments are required.