Skip to content

chore: [sc-12641] several frontend projects: CVE-2025-58754, CVE-2025-58752, CVE-2025-58751 #91

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
italo-addsearch wants to merge 2 commits into from
Closed

chore: [sc-12641] several frontend projects: CVE-2025-58754, CVE-2025-58752, CVE-2025-58751 #91

italo-addsearch wants to merge 2 commits into from

Conversation

@italo-addsearch
Copy link
Contributor

@italo-addsearch italo-addsearch commented Sep 15, 2025
edited by coderabbitai bot
Loading

Story details: https://app.shortcut.com/addsearch/story/12641

Summary by CodeRabbit

  • Chores
    • Bumped app version to 1.1.3.
    • Updated underlying HTTP client dependency to a newer stable release, bringing upstream fixes, security patches, and reliability improvements.
    • No changes to user-facing features, settings, or public API; existing integrations continue to work as before.
    • No migration or action required from users; standard update/install will pick up the new version automatically.

@coderabbitai
Copy link

coderabbitai bot commented Sep 15, 2025
edited
Loading

Walkthrough

Bumped package version from 1.1.2 to 1.1.3 and upgraded the axios dependency in package.json from ^1.7.2 to ^1.12.0. No other script, API, or exported-signature changes detected.

Changes

Cohort / File(s) Summary of changes
Package metadata & dependencies
package.json		 Version bumped 1.1.21.1.3; dependency axios updated from ^1.7.2^1.12.0. No other changes to scripts or public API.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

Suggested reviewers

  • kanarupan-addsearch

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The PR title clearly identifies this as a chore tied to story SC-12641 and states the intent to address multiple CVEs; this aligns with the changeset which updates package.json (notably bumping axios and the package version). The title is specific, includes the tracking ID and CVE identifiers, and avoids noisy file lists or emojis, so a reviewer can immediately understand the primary purpose. Therefore the title is an accurate and appropriate summary of the main change.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch sc-12641/several-frontend-projects-cve-2025-58754-cve
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b44e077 and 9a73bee.

📒 Files selected for processing (1)
  • package.json (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • package.json

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 15, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@italo-addsearch italo-addsearch deleted the sc-12641/several-frontend-projects-cve-2025-58754-cve branch September 15, 2025 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@italo-addsearch