@MSACC MSACC commented Dec 1, 2025

Security Audit Results:

  • Before: 5 critical, 14 high, 56 moderate, 30 low
  • After: 0 vulnerabilities

Changes:

  • Added yup@^0.32.9 to dependencies (explicit declaration)
  • Added strip-ansi@^6.0.1 to devDependencies (build compatibility)
  • Updated @strapi/strapi@^5.24.1 in devDependencies
  • Added 18 yarn resolutions for vulnerable packages
  • Added .nvmrc with Node 20.18.0

Key Resolutions:

  • form-data@^4.0.4, koa@^2.15.4, axios@^1.12.0
  • glob@^10.5.0, tar-fs@^2.1.4, esbuild@^0.25.0
  • js-yaml@^4.1.1, undici@^6.21.2, vite@^5.4.12
  • ai@^5.0.52, brace-expansion@^2.0.2, formidable@^2.1.3
  • tmp@^0.2.4, strip-ansi@^6.0.1, string-width@^4.2.3
  • wrap-ansi@^7.0.0, ansi-regex@^5.0.1

Note: Symlinks required in node_modules after yarn install:
ln -sf strip-ansi-cjs strip-ansi
ln -sf string-width-cjs string-width
ln -sf wrap-ansi-cjs wrap-ansi

Verified: Build and lint successful, no breaking changes

@MSACC MSACC requested a review from TMSchipper December 1, 2025 21:07
MSACC commented Dec 1, 2025

@TMSchipper Could you please check if all publisher functionalities still work? I am not yet familiar with this plugin and its functionalities. And no unit tests are in place yet.
