#996 Update the dependencies that have high vulnerabilities #1011

Merged
a22erigr merged 1 commit from #996-dependencies-with-high-vulnerabilities into team_2_week_6 2026-05-20 06:17:29 +00:00
Collaborator

Regarding issue #996: Update the dependencies that have high vulnerabilities.

Problems: 1. When installing the dependencies by running the install scripts, you can see a list from low to high vulnerabilities. Update the high ones, without making the project's functionality affected.

Solution: 1. Began with running npm audit fix, as suggested. There were still vulnerabilities after having run it with seemingly broken links. Why the links are broken could be because packets do not update anymore, but their dependencies still do. Decided to override those dependencies to newer updates that solve the vulnerability. "nth-check" (used for ':nth-child(2n+1)'), "underscore" (outdated, used before for _.map(), _.filter(), _.flatten(), _.isEqual()) and "serialize-javascript" (values into strings) were overridden.

Used override on high alerts as well as audit fix
a22erigr 2026-05-19 13:39:17 +00:00
Collaborator

Review on #1011

What's done

Reviewed dependency updates related to high vulnerabilities.

Tested on Windows 11 using Firefox

  • Verified that the issue focus was addressed by checking the dependency vulnerabilities using npm audit.
  • Confirmed that the previous HIGH vulnerabilities are no longer present.
  • App starts
    • Tested npm run build successfully.
    • Verified that the project functionality was not broken by the dependency updates.

Inspected following files (all files attached)

  • No issues found in code.
  • Follows our standard.

What needs to be done

  • No additional changes required
  • Issue appears to be fully resolved
  • HIGH vulnerabilities have been resolved successfully

Conclusion

  • PR can be merged.

a22erigr merged commit 6f8f1132ab into team_2_week_6 2026-05-20 06:17:29 +00:00
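
A check that the overrides described in this pull request reached every nested copy recorded in the lockfile, as an added example that is not code from this repository or thread. The floor versions, the lockfile excerpt and the names `FLOORS`, `SAMPLE_LOCK` and `findStaleCopies` are constructed for illustration; it assumes the `packages` map of a package-lock.json with lockfileVersion 2 or 3.

```javascript
// Constructed floor versions; take the real ones from the `npm audit` report.
const FLOORS = { 'nth-check': '2.0.1', 'underscore': '1.13.0', 'serialize-javascript': '6.0.2' };

// Constructed lockfile excerpt: one nested copy of nth-check escaped the override.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/nth-check': { version: '2.1.1' },
    'node_modules/legacy-tool/node_modules/nth-check': { version: '1.0.2' },
    'node_modules/underscore': { version: '1.13.6' },
    'node_modules/serialize-javascript': { version: '6.0.2' },
    'node_modules/@scope/pkg': { version: '0.1.0' },
  },
};

// The package name is whatever follows the last "node_modules/" in the key,
// which also handles scoped names and nested installs.
function nameFromPath(p) {
  const i = p.lastIndexOf('node_modules/');
  return i === -1 ? null : p.slice(i + 'node_modules/'.length);
}

// Numeric x.y.z comparison; prerelease tags are ignored (a simplification).
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of a watched package that is below its floor.
function findStaleCopies(lock, floors) {
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !Object.prototype.hasOwnProperty.call(floors, name)) continue;
    if (meta.version && cmp(meta.version, floors[name]) < 0) {
      stale.push({ path, name, version: meta.version, floor: floors[name] });
    }
  }
  return stale;
}

console.log(findStaleCopies(SAMPLE_LOCK, FLOORS));
```

An empty result means no copy in the lockfile sits below its floor; it complements `npm audit`, which reports on advisories rather than on whether a given override was applied.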