Skip to content

Resolve Dependabot Security Alert #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mouliSF4071 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Resolve Dependabot Security Alert #7

mouliSF4071 wants to merge 1 commit into from

Conversation

@mouliSF4071
Copy link
Collaborator

@mouliSF4071 mouliSF4071 commented Dec 17, 2025

Bug description

Resolve dependabot issue

Root cause

the raised dependabot alert based on dependencies used are out of date and may result in vulnerability

Solution description

Package From (current range) To (patched version)
axios >=0.21.2 ^0.30.2
lodash >=4.17.5 ^
js-yaml >=3.13.1 >=4.1.1

Reason for not identifying earlier

  • This is rare scenario as the rotate angle have decimal value , the same value is not repeated so the issue was not noticed before. Now it was noticed and fixed.

Areas tested against this fix

  • Tested rotating the shapes.
  • Tested rotating and leaving with same angles like form 0 to 0, or 45 to 45.

Is it a breaking issue?

  • Yes, Tag breaking-issue.
  • NO

If yes, provide the breaking commit details / MR here.

Action taken

Fixed the issue by using proper method call,
Tested sceanrios.

Feature matrix document updated

  • Yes
  • NO
  • NA

Automation details - Mark Is Automated field as (Yes, Manual, Not Applicable) in corresponding JIRA task once the bug is automated.

  • BUnit, share corresponding MR.
  • E2E or Manual Automation using tester - Make sure all items are automated with priority before release which can be tracked in automation dashboard.

If the same issue is reproduced in ej2, what will you do?

  • Resolved. Provide MR link.
  • NO. Created task to track it. Share task link.
  • NA

Is this common issue need to be addressed in the same component or on other components in our platform?

  • Yes - Need to check in other components, tag needs-attention-coreteam
  • No

Output screenshots

Blazor Checklist

Confirm whether this feature is ensured in both Blazor Server and WASM

  • NA
  • Yes
  • NO

Is there any new API or existing API name change?

  • Yes. If yes, Provide API Review task link.
  • NO

Is there any existing behavior change due to this code change?

  • Yes. Add breaking-change label.
  • NO

Do the code changes cause any memory leak and performance issue? (Test only if you suspect that your code may cause problem)

  • Yes
  • NO

Reviewer Checklist

  • All provided information are reviewed and ensured.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mouliSF4071