chore(deps): bump react and @types/react

bba209a
Closed

chore(deps): bump react and @types/react #2588

GitHub Advanced Security / Trivy failed Jan 18, 2026 in 2s

18 new alerts including 8 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 8 high
  • 9 medium
  • 1 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 33640 in package-lock.json

Code scanning / Trivy

cross-spawn: regular expression denial of service High

Package: cross-spawn
Installed Version: 5.1.0
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: CVE-2024-21538

Check failure on line 13069 in package-lock.json

Code scanning / Trivy

nodejs-axios: Regular expression denial of service in trim function High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2021-3749
Severity: HIGH
Fixed Version: 0.21.2
Link: CVE-2021-3749

Check failure on line 30971 in package-lock.json

Code scanning / Trivy

node-fetch: exposure of sensitive information to an unauthorized actor High

Package: node-fetch
Installed Version: 1.7.3
Vulnerability CVE-2022-0235
Severity: HIGH
Fixed Version: 3.1.1, 2.6.7
Link: CVE-2022-0235

Check failure on line 13069 in package-lock.json

Code scanning / Trivy

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2025-27152
Severity: HIGH
Fixed Version: 1.8.2, 0.30.0
Link: CVE-2025-27152

Check failure on line 22609 in package-lock.json

Code scanning / Trivy

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High

Package: ssri
Installed Version: 5.3.0
Vulnerability CVE-2021-27290
Severity: HIGH
Fixed Version: 6.0.2, 7.1.1, 8.0.1
Link: CVE-2021-27290

Check failure on line 19060 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor High

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0155
Severity: HIGH
Fixed Version: 1.14.7
Link: CVE-2022-0155

Check failure on line 22030 in package-lock.json

Code scanning / Trivy

node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm High

Package: jws
Installed Version: 3.2.2
Vulnerability CVE-2025-65945
Severity: HIGH
Fixed Version: 3.2.3, 4.0.1
Link: CVE-2025-65945

Check failure on line 20376 in package-lock.json

Code scanning / Trivy

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High

Package: http-cache-semantics
Installed Version: 3.8.1
Vulnerability CVE-2022-25881
Severity: HIGH
Fixed Version: 4.1.1
Link: CVE-2022-25881

Check warning on line 32686 in package-lock.json

Code scanning / Trivy

index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ... Medium

Package: ssri
Installed Version: 4.1.6
Vulnerability CVE-2018-7651
Severity: MEDIUM
Fixed Version: 5.2.2
Link: CVE-2018-7651

Check warning on line 21880 in package-lock.json

Code scanning / Trivy

js-yaml: js-yaml prototype pollution in merge Medium

Package: js-yaml
Installed Version: 4.1.0
Vulnerability CVE-2025-64718
Severity: MEDIUM
Fixed Version: 4.1.1, 3.14.2
Link: CVE-2025-64718

Check warning on line 19060 in package-lock.json

Code scanning / Trivy

follow-redirects: Possible credential leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2024-28849
Severity: MEDIUM
Fixed Version: 1.15.6
Link: CVE-2024-28849

Check warning on line 19060 in package-lock.json

Code scanning / Trivy

follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2023-26159
Severity: MEDIUM
Fixed Version: 1.15.4
Link: CVE-2023-26159

Check warning on line 19060 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Sensitive Information via Authorization Header leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0536
Severity: MEDIUM
Fixed Version: 1.14.8
Link: CVE-2022-0536

Check warning on line 14832 in package-lock.json

Code scanning / Trivy

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets Medium

Package: got
Installed Version: 6.7.1
Vulnerability CVE-2022-33987
Severity: MEDIUM
Fixed Version: 12.1.0, 11.8.5
Link: CVE-2022-33987

Check warning on line 13069 in package-lock.json

Code scanning / Trivy

axios: exposure of confidential data stored in cookies Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2023-45857
Severity: MEDIUM
Fixed Version: 1.6.0, 0.28.0
Link: CVE-2023-45857

Check warning on line 13069 in package-lock.json

Code scanning / Trivy

nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2020-28168
Severity: MEDIUM
Fixed Version: 0.21.1
Link: CVE-2020-28168

Check warning on line 6893 in package-lock.json

Code scanning / Trivy

js-yaml: js-yaml prototype pollution in merge Medium

Package: js-yaml
Installed Version: 3.14.1
Vulnerability CVE-2025-64718
Severity: MEDIUM
Fixed Version: 4.1.1, 3.14.2
Link: CVE-2025-64718

Check notice on line 34022 in package-lock.json

Code scanning / Trivy

tmp: tmp Symbolic Link Write Vulnerability Low

Package: tmp
Installed Version: 0.0.33
Vulnerability CVE-2025-54798
Severity: LOW
Fixed Version: 0.2.4
Link: CVE-2025-54798