Upgrade dependencies to fix security vulnerabilities by mraible · Pull Request #393 · CrowdStrike/foundry-sample-mitre

mraible · 2026-05-18T14:42:37Z

Upgrades dependencies across the monorepo to address 30 open Dependabot alerts.

Direct upgrades (shared/mitre-vue, remediations, chart-vue):

Resolutions added/updated (root package.json):

axios 1.13.6 → 1.15.2 (CVE-2025-62718, CVE-2026-40175, CVE-2026-42033 through CVE-2026-42044, CVE-2026-42264)
postcss 8.5.14 (CVE-2026-41305)
uuid 13.0.1 (CVE-2026-41907)
ip-address 10.1.1 (CVE-2026-42338)
follow-redirects 1.16.0 (header leak to cross-domain redirects)

All tests pass (35 tests across 3 workspaces). Rebuilt tracked dist artifacts.

- vite 7.3.1 → 7.3.2 (CVE-2026-39363, CVE-2026-39364, CVE-2026-39365) - axios resolution 1.13.6 → 1.15.2 (CVE-2025-62718, CVE-2026-40175, CVE-2026-42033 through CVE-2026-42044, CVE-2026-42264) - Add postcss 8.5.14 resolution (CVE-2026-41305) - Add uuid 13.0.1 resolution (CVE-2026-41907) - Add ip-address 10.1.1 resolution (CVE-2026-42338) - Add follow-redirects 1.16.0 resolution (header leak to cross-domain redirects)

Fixes TypeScript patch hash mismatch that caused CI immutable install to fail.

mraible requested a review from a team May 18, 2026 14:42

Regenerate lockfile with correct Yarn 4.12.0

ca32753

Fixes TypeScript patch hash mismatch that caused CI immutable install to fail.

mraible enabled auto-merge (squash) May 18, 2026 15:17

BanuY approved these changes May 19, 2026

View reviewed changes

mraible merged commit 5ed02bd into main May 19, 2026
5 checks passed

mraible deleted the upgrade-security-deps branch May 19, 2026 12:43

Provide feedback