Conversation

@piyushsinghgaur1
Contributor

Description

fix audit vulnerability
Fixes #166
GH-166

@sonarqubecloud

SonarQube reviewer guide

Summary: Dependency updates across multiple npm packages including express, body-parser, glob, and security patches.

Review Focus: This is a large-scale dependency update (200+ packages). Key areas requiring attention:

  • Express upgraded from 4.21.2 → 4.22.1 with changes to dependency pinning strategy (exact → range)
  • body-parser 2.2.0 → 2.2.1 introduces new iconv-lite 0.7.0 bundled dependency
  • Security-related updates: node-forge (1.3.1 → 1.3.3), js-yaml (4.1.0 → 4.1.1), jws (3.2.2 → 3.2.3)
  • npm self-update (11.6.2 → 11.7.0) with extensive internal restructuring

Start review at: node_modules/express/package.json changes. This is the most critical change as Express is the core framework, and the shift from exact version pinning to range-based dependencies could introduce unexpected behavior in production deployments.

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@yeshamavani yeshamavani merged commit f5123af into master Dec 16, 2025
7 checks passed
@yeshamavani yeshamavani deleted the GH-166 branch December 16, 2025 14:16
Development

Successfully merging this pull request may close these issues.

Fix audit vulnerability scan issues