starred/soundfeed

Fork 0

mirror of https://github.com/adamchairly/soundfeed.git synced 2026-04-26 05:55:53 +03:00

[PR #3] [MERGED] [Snyk] Fix for 4 vulnerabilities #5

New issue

Closed

opened 2026-03-13 16:28:00 +03:00 by kerem · 0 comments

kerem commented

2026-03-13 16:28:00 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/adamchairly/soundfeed/pull/3
Author: @adamchairly
Created: 3/2/2026
Status: ✅ Merged
Merged: 3/2/2026
Merged by: @adamchairly

Base: main ← Head: snyk-fix-1e2b3a90641ac4f0f1c39f3fac287538

📝 Commits (1)

bed1ed2 fix: frontend/package.json & frontend/package-lock.json to reduce vulnerabilities

📊 Changes

2 files changed (+18 additions, -18 deletions)

View changed files

📝 frontend/package-lock.json (+16 -16)
📝 frontend/package.json (+2 -2)

📄 Description

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

frontend/package.json
frontend/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-AXIOS-15252993	828
	Cross-site Scripting (XSS) SNYK-JS-REACTROUTER-14908531	574
	Cross-site Request Forgery (CSRF) SNYK-JS-REACTROUTER-14908429	559
	Cross-site Scripting (XSS) SNYK-JS-REACTROUTER-14908293	529

Important

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cross-site Scripting (XSS)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/adamchairly/soundfeed/pull/3 **Author:** [@adamchairly](https://github.com/adamchairly) **Created:** 3/2/2026 **Status:** ✅ Merged **Merged:** 3/2/2026 **Merged by:** [@adamchairly](https://github.com/adamchairly) **Base:** `main` ← **Head:** `snyk-fix-1e2b3a90641ac4f0f1c39f3fac287538` --- ### 📝 Commits (1) - [`bed1ed2`](https://github.com/adamchairly/soundfeed/commit/bed1ed2e24d4af6b202f3c121ebf84a2175f298c) fix: frontend/package.json & frontend/package-lock.json to reduce vulnerabilities ### 📊 Changes **2 files changed** (+18 additions, -18 deletions) <details> <summary>View changed files</summary> 📝 `frontend/package-lock.json` (+16 -16) 📝 `frontend/package.json` (+2 -2) </details> ### 📄 Description ![snyk-top-banner](https://res.cloudinary.com/snyk/image/upload/r-d/scm-platform/snyk-pull-requests/pr-banner-default.svg) ### Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project. #### Snyk changed the following file(s): - `frontend/package.json` - `frontend/package-lock.json` #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Prototype Pollution [SNYK-JS-AXIOS-15252993](https://snyk.io/vuln/SNYK-JS-AXIOS-15252993) |   **828**   ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png 'high severity') | Cross-site Scripting (XSS) [SNYK-JS-REACTROUTER-14908531](https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908531) |   **574**   ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Cross-site Request Forgery (CSRF) [SNYK-JS-REACTROUTER-14908429](https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908429) |   **559**   ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Cross-site Scripting (XSS) [SNYK-JS-REACTROUTER-14908293](https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908293) |   **529**   --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3Y2U5OGY3YS04ZjVjLTQzY2UtOTIzNy00MmZiNWZlZmM2MzYiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjdjZTk4ZjdhLThmNWMtNDNjZS05MjM3LTQyZmI1ZmVmYzYzNiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/adamchairly/project/58e543dc-dc6d-4a2c-b969-9d39a7a608a5?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=github&utm_content=fix-pr-template) 🛠 [Adjust project settings](https://app.snyk.io/org/adamchairly/project/58e543dc-dc6d-4a2c-b969-9d39a7a608a5?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/upgrade-package-versions-to-fix-vulnerabilities?utm_source=github&utm_content=fix-pr-template) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr) 🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lesson/xss/?loc=fix-pr) [//]: # 'snyk:metadata:{"breakingChangeRiskLevel":null,"FF_showPullRequestBreakingChanges":false,"FF_showPullRequestBreakingChangesWebSearch":false,"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"axios","from":"1.13.2","to":"1.13.5"},{"name":"react-router-dom","from":"7.11.0","to":"7.12.0"}],"env":"prod","issuesToFix":["SNYK-JS-AXIOS-15252993","SNYK-JS-REACTROUTER-14908293","SNYK-JS-REACTROUTER-14908429","SNYK-JS-REACTROUTER-14908531"],"prId":"7ce98f7a-8f5c-43ce-9237-42fb5fefc636","prPublicId":"7ce98f7a-8f5c-43ce-9237-42fb5fefc636","packageManager":"npm","priorityScoreList":[828,529,559,574],"projectPublicId":"58e543dc-dc6d-4a2c-b969-9d39a7a608a5","projectUrl":"https://app.snyk.io/org/adamchairly/project/58e543dc-dc6d-4a2c-b969-9d39a7a608a5?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"user-initiated","upgrade":["SNYK-JS-AXIOS-15252993","SNYK-JS-REACTROUTER-14908293","SNYK-JS-REACTROUTER-14908429","SNYK-JS-REACTROUTER-14908531"],"vulns":["SNYK-JS-AXIOS-15252993","SNYK-JS-REACTROUTER-14908293","SNYK-JS-REACTROUTER-14908429","SNYK-JS-REACTROUTER-14908531"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}' --- 🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

kerem

2026-03-13 16:28:00 +03:00

closed this issue
added the
pull-request
label

No labels

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/soundfeed#5

No description provided.

Rows
Columns