Update Dependencies and Address Security Vulnerabilities#111

Open

colton123e wants to merge 1 commit intoAF-VCD:masterfrom

colton123e:dependency-fix

colton123e commented Sep 15, 2025

This PR updates project dependencies and regenerates package-lock.json to address reported vulnerabilities.

Key Changes

Ran npm audit fix to apply non-breaking security patches where available.
Cleaned up and reinstalled dependencies to ensure consistency with updated lockfile.
Verified project builds and runs locally after updates.

Why

Prior package-lock.json contained packages with moderate to high severity vulnerabilities (including nth-check, postcss, and webpack-dev-server).
These updates improve project security and maintainability, preparing the repo for future Node/npm compatibility.

Notes

xlsx library still reports advisories (GHSA-4r6h-8v6p-xvw6 and GHSA-5pgg-2g8v-p4x9) with no fix currently available. This remains as a known limitation upstream.
Some transitive dependencies may still show deprecation warnings but do not block builds or functionality.
Major upgrades (e.g., react-scripts) were not force-installed to avoid introducing breaking changes; this PR sticks to safe updates only.


          chore: apply npm audit fix (non-breaking dependency updates)

a41354b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet