hyperdx/packages/app
Rahul ef66cba8cd
build(deps): add security resolutions for vulnerable npm packages (#1740)
## Summary

Addresses npm security vulnerabilities in transitive dependencies. Prefer direct dependency upgrades over broad resolutions where possible.

## Changes

**Direct upgrade:**
- **`@slack/webhook`**: `^6.1.0` → `^7.0.0` — v7 natively uses axios v1, eliminating the axios@0.21.4 SSRF/redirect vulnerabilities. Only breaking change in v7 is dropping Node <18 (we're on Node 22).

**Resolutions for transitive deps with no direct upgrade path:**
- **`fast-xml-parser`**: `^4.4.0` — fixes prototype pollution (High)
- **`systeminformation`**: `^5.24.0` — fixes command injection (High)

## Removed/Not Done

- `axios` resolution removed — covered by the `@slack/webhook` upgrade instead
- `tar` resolution removed — was a v6→v7 major jump on build-only tools (`cacache`, `node-gyp`); not present in the production image
- `glob` resolution removed — was breaking test coverage tooling (`test-exclude@6` depends on glob@^7)

## Related

Follow-up to #1731 which addressed base image vulnerabilities (Node, Go, ClickHouse).
2026-02-26 02:14:24 +00:00
..
.storybook feat(app): refactor Sources components and add custom Mantine UI variants (#1561) 2026-01-07 14:02:36 +00:00
pages feat(app): add system color scheme option and make it the default (#1776) 2026-02-23 13:35:39 +00:00
public refactor: update SVG structure and styling for ClickStack and HyperDX favicons (#1750) 2026-02-19 12:06:46 +00:00
scripts chore: Use local clickhouse instance for playwright tests (#1711) 2026-02-13 15:43:12 +00:00
src feat: Add saved query support to dashboards (#1584) 2026-02-25 23:31:55 +00:00
styles fix: improve UI layout and styling in DBSearchPage and related components (#1798) 2026-02-25 13:29:43 +00:00
tests/e2e build(deps): add security resolutions for vulnerable npm packages (#1740) 2026-02-26 02:14:24 +00:00
types fix: Pollyfill crypto.randomUUID (#904) 2025-06-03 12:35:56 -04:00
.Dockerignore first commit 2023-09-12 20:08:05 -07:00
.env.development feat: add subpath config (#1236) 2025-10-17 14:43:58 -07:00
.gitignore chore: Run playwright tests with mongo backend (#1493) 2025-12-17 18:33:28 +00:00
.stylelintignore Theme-Aware UI Improvements for ClickStack (#1685) 2026-02-03 11:44:58 +00:00
CHANGELOG.md Release HyperDX (#1777) 2026-02-24 06:21:31 +01:00
Dockerfile fix: Set correct github URL as image source in Dockerfiles (#1698) 2026-02-04 16:11:31 +00:00
eslint.config.mjs fix: add react-hooks eslint to catch pitfalls (#1661) 2026-02-04 22:04:01 +00:00
global-setup.js Add new useTimeQuery hook (#75) 2023-10-29 04:44:07 +00:00
jest.config.js Bump Typescript Version (app) (#1401) 2025-11-24 21:19:42 +00:00
knip.json feat: move v2 codes 2024-11-12 05:53:15 -07:00
mdx.d.ts first commit 2023-09-12 20:08:05 -07:00
next.config.mjs chore: deprecate Nextra and remove related code (#1728) 2026-02-12 18:32:15 +00:00
package.json chore(deps): bump lodash from 4.17.21 to 4.17.23 (#1641) 2026-02-24 18:59:44 +00:00
playwright.config.ts chore: Use local clickhouse instance for playwright tests (#1711) 2026-02-13 15:43:12 +00:00
postcss.config.cjs chore: Upgrade to Mantine@7 (#306) 2024-02-25 10:37:55 +00:00
stylelint.config.mjs Fix deprecated @import syntax warning after upgrading react (#1465) 2025-12-11 22:58:08 +00:00
tsconfig.build.json fix: Update tsconfigs to resolve IDE type errors (#1150) 2025-09-11 08:55:14 -04:00
tsconfig.json chore: Update to next 16, react 19, add react compiler (#1434) 2025-12-04 23:40:59 +00:00