kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: kitos/Aegis:c62dafbc1f5d588ac70141aabba5f2756adf965f
Branches Tags
kitos/Aegis:main kitos/Aegis:refactor/pep8-types-docs
..
compare: kitos/Aegis:498536f3f10ce69dfcbd9cf0dc16cd811d113a26
Branches Tags
kitos/Aegis:main kitos/Aegis:refactor/pep8-types-docs

2 Commits
c62dafbc1f .. 498536f3f1

Author SHA1 Message Date
kitos 498536f3f1 fix(security): remediate CVE-2026-42043 — upgrade axios ^1.14.0
Aegis CI / lint-and-test (push) Has been cancelled
Details 
- package.json: bump axios constraint from ^1.13.5 to ^1.14.0
- Dockerfile build stage: npm ci -> npm install so the semver range
  in package.json is honoured at build time (npm ci uses the lockfile
  exactly, bypassing the updated constraint)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-04 13:17:45 +02:00
kitos bea5a8e781 fix(security): upgrade axios to >=1.14.0 — CVE-2026-42043 (CVSS 10) 
Bumps minimum Axios version from 1.13.5 to 1.14.0 to remediate
CVE-2026-42043 identified by VMT / Wiz (asset: AegisTest).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-04 10:16:41 +02:00
2 changed files with 2 additions and 2 deletions
Expand all files Collapse all files
frontend/Dockerfile
+1 -1
View File
@@ -25,7 +25,7 @@ FROM node:20-alpine AS build
WORKDIR /app WORKDIR /app
COPY package*.json ./ COPY package*.json ./
RUN npm ci RUN npm install
COPY . . COPY . .
RUN npm run build RUN npm run build
frontend/package.json
+1 -1
View File
@@ -11,7 +11,7 @@
"dependencies": { "dependencies": {
"@tanstack/react-query": "^5.90.20", "@tanstack/react-query": "^5.90.20",
"@tanstack/react-virtual": "^3.13.18", "@tanstack/react-virtual": "^3.13.18",
"axios": "^1.13.5", "axios": "^1.14.0",
"lucide-react": "^0.563.0", "lucide-react": "^0.563.0",
"react": "^19.2.4", "react": "^19.2.4",
"react-dom": "^19.2.4", "react-dom": "^19.2.4",