Skip to content

Claude/audit dependencies mjdsp9lyjt0f84ue b rz cv #1292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TheWorthyOne wants to merge 19 commits into
base: main
Choose a base branch
from
Open

Claude/audit dependencies mjdsp9lyjt0f84ue b rz cv #1292

TheWorthyOne wants to merge 19 commits into from

Conversation

@TheWorthyOne
Copy link

@TheWorthyOne TheWorthyOne commented Dec 20, 2025

Features

  • Feature 1
  • Feature 2

Feature Docs

Influence

Result

Other

TheWorthyOne and others added 19 commits December 18, 2025 22:59
@TheWorthyOne
Deleted example.txt
430e77a
@TheWorthyOne
Added manifest.json
6f93e4e
@TheWorthyOne
Updated index.html
00f6f6a
@TheWorthyOne
Added icon-128x128.png
fe37388
@TheWorthyOne
Added icon-144x144.png
47e7b4a
@TheWorthyOne
Added icon-152x152.png
767c71e
@TheWorthyOne
Added icon-192x192.png
3eb64ca
@TheWorthyOne
Added icon-384x384.png
98a418c
@TheWorthyOne
Added icon-512x512.png
023eb27
@TheWorthyOne
Added icon-72x72.png
5cc738a
@TheWorthyOne
Added icon-96x96.png
8ffa1f4
@TheWorthyOne
Added maskable-icon-512x512.png
037fa16
@TheWorthyOne
Added package.json
6272106
@TheWorthyOne
Added package-lock.json
b762cce
@TheWorthyOne
Updated manifest.json
0412ac6
@TheWorthyOne
Added netlify.toml
d339021
@TheWorthyOne
Publish application
f9c61c6
@claude
Fix security vulnerabilities and optimize dependencies
b233b9f 
Security Fixes:
- Fixed 6 critical/high vulnerabilities in chart_visualization package
  - minimist: Prototype Pollution (CVSS 9.8) - forced to v1.2.8
  - axios: DoS attack (CVSS 7.5) - updated via audit fix
  - tar-fs: Path traversal - updated via audit fix
  - form-data: Unsafe random function - updated via audit fix
  - js-yaml: Prototype pollution - updated via audit fix
  - geojson-flatten: Inherited from minimist - resolved

Package Updates:
- @visactor/vchart: 1.13.x → 2.0.11 (major version upgrade)
- @visactor/vmind: 2.0.5 → 2.0.10 (patch updates)

Optimizations:
- Moved 'serve' from dependencies to devDependencies in root package.json
- Added npm overrides to force secure minimist version (1.2.8+)

Result: 0 vulnerabilities in all packages
@claude
Add PR description and automated testing script
3be2064 
- PR_DESCRIPTION.md: Comprehensive PR description for security fixes
- test-security-fixes.sh: Automated test suite for validating all security fixes
@github-actions github-actions bot added the ⭐ top pull request Top pull request. label Dec 20, 2025
@github-actions github-actions bot mentioned this pull request Dec 20, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

⭐ top pull request Top pull request.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheWorthyOne @claude