Cosm1cBug

Summary

This PR updates several outdated and vulnerable dependencies in the forked repository to address issues reported by npm audit.

Changes Made

  • Upgraded dependencies including:
    • react and react-dom to 16.14.0
    • react-scripts to 3.4.4
    • Other packages such as node-fetch, gh-pages, and styled-components
  • Ensured compatibility with the current React 16-based setup.
  • Updated package.json and package-lock.json accordingly.

Motivation

  • Resolve known security vulnerabilities
  • Ensure stable and predictable dependency behavior

Notes

  • Further modernization (React 18, Vite, ESM support) could be considered in a future PR.
  • All tests pass and the app builds successfully after these updates.

Please let me know if any changes or adjustments are required.

Flash screen off
…lity

- Updated several dependencies to their latest compatible versions:
  - react, react-dom (16.14.0)
  - react-scripts (3.4.4)
  - chart.js, node-fetch, gh-pages, react-bootstrap, styled-components, etc.
- Addressed known vulnerabilities reported by npm audit.
- Maintained compatibility with React 16 ecosystem.
- Recommended future upgrade path: React 18 & CRA 5+ for long-term security and support.
@ashutosh1919 requested a review from Copilot on July 25, 2025 16:31

@Copilot Copilot AI left a comment

Pull Request Overview

This PR updates various npm dependencies to address security vulnerabilities identified by npm audit, focusing on maintaining compatibility with the existing React 16-based setup while resolving known security issues.

  • Updated core React packages (react, react-dom) to latest v16 versions
  • Upgraded vulnerable packages including node-fetch, gh-pages, and other dependencies
  • Updated development dependencies like husky and lint-staged

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| package.json | Updates dependency versions to resolve security vulnerabilities while maintaining React 16 compatibility |
| src/portfolio.js | Changes splash screen default setting from enabled to disabled |

@Cosm1cBug
Author

Please don't mind the splash setting.
