Skip to content

[Snyk] Security upgrade ejs from 3.1.10 to 5.0.1#308

Merged
Type-Style merged 100 commits intomainfrom
snyk-fix-2a1fcf05e0d4a08f022e96d6c2404153
Mar 28, 2026
Merged

[Snyk] Security upgrade ejs from 3.1.10 to 5.0.1#308
Type-Style merged 100 commits intomainfrom
snyk-fix-2a1fcf05e0d4a08f022e96d6c2404153

Conversation

@Type-Style
Copy link
Copy Markdown
Owner

@Type-Style Type-Style commented Mar 28, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue
high severity Infinite loop
SNYK-JS-BRACEEXPANSION-15789759

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Type-Style and others added 30 commits April 8, 2025 16:30
@Type-Style
[Change] make read and token request more secure
303e8b4
@Type-Style
[Task] update validation
b599e85
@Type-Style
[Task] improve error handling of tokens
4d12f89
@dependabot
Bump vite in the npm_and_yarn group across 1 directory
1be2725 
Bumps the npm_and_yarn group with 1 update in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 6.2.5 to 6.2.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.2.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.2.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@snyk-bot
fix: upgrade @mui/icons-material from 6.4.7 to 6.4.8
4660414 
Snyk has created this PR to upgrade @mui/icons-material from 6.4.7 to 6.4.8.

See this package in npm:
@mui/icons-material

See this project in Snyk:
https://app.snyk.io/org/type-style/project/e2bcd002-cb74-409c-ba55-fb6349df1cbc?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade axios from 1.8.3 to 1.8.4
03bf7e5 
Snyk has created this PR to upgrade axios from 1.8.3 to 1.8.4.

See this package in npm:
axios

See this project in Snyk:
https://app.snyk.io/org/type-style/project/e2bcd002-cb74-409c-ba55-fb6349df1cbc?utm_source=github&utm_medium=referral&page=upgrade-pr
@Type-Style
Merge pull request #262 from Type-Style/dependabot/npm_and_yarn/npm_a…
836e512 
…nd_yarn-b7c6efa8f1

Bump vite from 6.2.5 to 6.2.6 in the npm_and_yarn group across 1 directory
@Type-Style
Merge pull request #263 from Type-Style/snyk-upgrade-942dc16205d2cc18…
1ec575c 
…4cec591d98ff5084

[Snyk] Upgrade @mui/icons-material from 6.4.7 to 6.4.8
@Type-Style
Merge pull request #265 from Type-Style/snyk-upgrade-3706d1654b6cc534…
27d9731 
…8c6de9a735e32e89

[Snyk] Upgrade axios from 1.8.3 to 1.8.4
@Type-Style
[Feat] #266, local tiles, maxZoom fixes, zip functionality
83083ec
@Type-Style
[Feat] #266, improve zip handling, and code improvements
3a6e375
@Type-Style
Merge pull request #267 from Type-Style/266-local-tiles
a3293a1 
266 local tiles
@Type-Style
[Task] update packages
5065535
@Type-Style
[Change] improve entry and path
0fdd673
@Type-Style
[Task] #274 update test, since force installing is not needed anymore
c13b34c
@Type-Style
[Feat] #273, ignore pauses for distance
593d8c3
@Type-Style
[Task] hide layers control if logged out
017aa8a
@Type-Style
[Feat] #272 collapse grid with status
ca07045
@Type-Style
[Task] update console logs for testdata
b24bb85
@Type-Style
[Feat] #273 exlude distance if very first entry is ignored
7a19dc5
@Type-Style
[Task] add threshold for path calculation
739980c
@Type-Style
[Feat] #273 print paused data conditionally
05441c9
@Type-Style
[Feat] #272 styling and collapseable status
e7fb9c8
@Type-Style
[Feat] #273, improve conditional output
0fab2af
@Type-Style
[Task] increase timeout
c290078
@Type-Style
[Fix] devskim environment upgrade ubuntu version
d4da667
@Type-Style
[Task] improve test data creation
2fdc998
@Type-Style
[Task] version++
e76c70c
@Type-Style
[Task] #272 improve table alignment
f5009d8
@Type-Style
[Task] #272, improve status table alignment
b1985cb
snyk-bot and others added 27 commits January 12, 2026 07:20
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
a48e52d 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908531
- https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908286
- https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908429
- https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908293
- https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908289
@Type-Style
Merge pull request #294 from Type-Style/snyk-upgrade-4dae6d535aa55b6f…
7b03ae6 
…c183d0a045c5cf23

[Snyk] Upgrade react from 19.1.0 to 19.2.1
@Type-Style
Merge pull request #296 from Type-Style/snyk-upgrade-8bb3e47e8c225813…
0aa50e9 
…13518437ad9ade62

[Snyk] Upgrade react-router-dom from 7.8.2 to 7.10.1
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
52ca7fe 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-15252993
@Type-Style
Merge pull request #297 from Type-Style/snyk-upgrade-a2fb8355cee70753…
0d00d77 
…671bcaa7c6fb4433

[Snyk] Upgrade @mui/icons-material from 7.3.1 to 7.3.6
@Type-Style
Merge pull request #298 from Type-Style/snyk-upgrade-5e6ba6ac253ce490…
b771147 
…651752e5af55218a

[Snyk] Upgrade axios from 1.12.0 to 1.13.2
@Type-Style
Merge pull request #299 from Type-Style/dependabot/npm_and_yarn/npm_a…
c2d913e 
…nd_yarn-2b901f0e0d

Bump qs from 6.14.0 to 6.14.1 in the npm_and_yarn group across 1 directory
@Type-Style
Merge branch 'dev' into snyk-fix-fc623a2789bb05822ba12fc21275b717
605fe5d
@Type-Style
Merge branch 'dev' into snyk-fix-c0ee6cfc85002f86e893e9159868192f
8ae591f
@Type-Style
Merge pull request #302 from Type-Style/snyk-fix-c0ee6cfc85002f86e893…
ee76a2b 
…e9159868192f

[Snyk] Security upgrade axios from 1.12.0 to 1.13.5
@Type-Style
Merge pull request #300 from Type-Style/snyk-fix-fc623a2789bb05822ba1…
0700a9e 
…2fc21275b717

[Snyk] Security upgrade react-router-dom from 7.8.2 to 7.12.0
@Type-Style
Remove unused dependencies from package.json
38424bd
@Type-Style
[task] update package.json
71e91d9
@Type-Style
[fix] repair popupTabs after update
9d94a52
@Type-Style
[fix] repair address test
6ebceea
@Type-Style
[change] update eslint config
12050cf
@Type-Style
[task] update code linting
ed769f5
@dependabot
Bump the npm_and_yarn group across 1 directory with 2 updates
d827793 
Bumps the npm_and_yarn group with 2 updates in the / directory: [minimatch](https://github.com/isaacs/minimatch) and [ajv](https://github.com/ajv-validator/ajv).


Updates `minimatch` from 3.1.2 to 3.1.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.4)

Updates `ajv` from 6.12.6 to 6.14.0
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.6...v6.14.0)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@Type-Style
Merge pull request #304 from Type-Style/dependabot/npm_and_yarn/npm_a…
b598f00 
…nd_yarn-10729c40e0

Bump the npm_and_yarn group across 1 directory with 2 updates
@dependabot
Bump rollup in the npm_and_yarn group across 1 directory
82dc7e9 
Bumps the npm_and_yarn group with 1 update in the / directory: [rollup](https://github.com/rollup/rollup).


Updates `rollup` from 4.41.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.41.0...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@Type-Style
Merge pull request #305 from Type-Style/dependabot/npm_and_yarn/npm_a…
13f7f3b 
…nd_yarn-b2936519f3

Bump rollup from 4.41.0 to 4.59.0 in the npm_and_yarn group across 1 directory
@dependabot
build(deps): bump serialize-javascript
a81ea08 
Bumps the npm_and_yarn group with 1 update in the / directory: [serialize-javascript](https://github.com/yahoo/serialize-javascript).


Removes `serialize-javascript`

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@Type-Style
Merge pull request #306 from Type-Style/dependabot/npm_and_yarn/npm_a…
3aa1037 
…nd_yarn-5be2081b8c

build(deps): bump serialize-javascript from 6.0.2 to removed in the npm_and_yarn group across 1 directory
@Type-Style
[fix] repair address fetching
3a560cc
@Type-Style
[fix] resolve npm security vulnerabilities via audit fix (brace-expan…
6b3d75b 
…sion, picomatch, path-to-regexp, yaml)
@Type-Style
[task] add typecheck scripts for backend, frontend and tests
0058f1e
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
ce828a9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-15789759
@Type-Style Type-Style changed the base branch from dev to main March 28, 2026 22:56
@Type-Style Type-Style merged commit 1c6a9b6 into main Mar 28, 2026
9 of 10 checks passed
@Type-Style Type-Style deleted the snyk-fix-2a1fcf05e0d4a08f022e96d6c2404153 branch March 28, 2026 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Type-Style @snyk-bot