Skip to content

added code to merge page load responses if they return before action …#528

Merged
Nikhil-Nandagopal merged 2 commits into
releasefrom
fix/page-load
Sep 10, 2020
Merged

added code to merge page load responses if they return before action …#528
Nikhil-Nandagopal merged 2 commits into
releasefrom
fix/page-load

Conversation

@Nikhil-Nandagopal

Copy link
Copy Markdown
Contributor

…load responses

@Nikhil-Nandagopal Nikhil-Nandagopal merged commit 88b471c into release Sep 10, 2020
@Nikhil-Nandagopal Nikhil-Nandagopal deleted the fix/page-load branch September 10, 2020 10:42
subrata71 added a commit that referenced this pull request Jun 2, 2026
## Description

Bulk update of Yarn resolution overrides in `app/client/package.json` to
resolve **72 open Dependabot security alerts** across **19 npm
packages**. This is the single highest-leverage PR for the SOC2
vulnerability remediation effort — it addresses 50% of all open CE
alerts by updating version pins in one file.

All changes are confined to resolution overrides and the regenerated
`yarn.lock`. No application code changes.

Fixes https://linear.app/appsmith/issue/APP-15271

### Updated Existing Resolutions (38 alerts)

| Package | Previous | New | Alerts Fixed |
|---|---|---|---|
| `axios` | `^1.15.0` | `^1.16.1` | 15 |
| `protobufjs` | `^7.5.5` | `^7.5.8` | 8 |
| `undici` | `6.21.2` | `6.24.0` | 6 |
| `minimatch` | `^5.0.0` | `^5.1.8` | 3 |
| `fast-xml-parser` | `4.5.4` | `4.5.5` | 2 |
| `brace-expansion` | `1.1.12` | `1.1.13` | 1 |
| `postcss` | `8.4.31` | `8.5.15` | 1 |
| `webpack` | `5.98.0` | `5.104.1` | 2 |

### New Resolutions Added (34 alerts)

| Package | Version | Alerts Fixed |
|---|---|---|
| `lodash` | `4.18.1` | 9 |
| `lodash-es` | `4.18.1` | 3 |
| `node-forge` | `1.4.0` | 7 |
| `@xmldom/xmldom` | `0.8.13` | 5 |
| `picomatch` | `2.3.2` | 2 |
| `underscore` | `1.13.8` | 1 |
| `defu` | `6.1.5` | 1 |
| `immutable` | `4.3.8` | 1 |
| `js-cookie` | `3.0.7` | 1 |
| `simple-git` | `3.36.0` | 1 |
| `@protobufjs/utf8` | `1.1.1` | 1 |

Also bumps direct dependency `node-forge` from `^1.3.0` to `^1.4.0`.

### Related Dependabot Alerts

This PR is expected to resolve the following alerts on merge:

**axios** (15):
[#602](https://github.com/appsmithorg/appsmith/security/dependabot/602),
[#603](https://github.com/appsmithorg/appsmith/security/dependabot/603),
[#604](https://github.com/appsmithorg/appsmith/security/dependabot/604),
[#605](https://github.com/appsmithorg/appsmith/security/dependabot/605),
[#606](https://github.com/appsmithorg/appsmith/security/dependabot/606),
[#607](https://github.com/appsmithorg/appsmith/security/dependabot/607),
[#608](https://github.com/appsmithorg/appsmith/security/dependabot/608),
[#609](https://github.com/appsmithorg/appsmith/security/dependabot/609),
[#610](https://github.com/appsmithorg/appsmith/security/dependabot/610),
[#611](https://github.com/appsmithorg/appsmith/security/dependabot/611),
[#612](https://github.com/appsmithorg/appsmith/security/dependabot/612),
[#613](https://github.com/appsmithorg/appsmith/security/dependabot/613),
[#614](https://github.com/appsmithorg/appsmith/security/dependabot/614),
[#641](https://github.com/appsmithorg/appsmith/security/dependabot/641),
[#642](https://github.com/appsmithorg/appsmith/security/dependabot/642)

**lodash + lodash-es** (12):
[#472](https://github.com/appsmithorg/appsmith/security/dependabot/472),
[#473](https://github.com/appsmithorg/appsmith/security/dependabot/473),
[#474](https://github.com/appsmithorg/appsmith/security/dependabot/474),
[#565](https://github.com/appsmithorg/appsmith/security/dependabot/565),
[#566](https://github.com/appsmithorg/appsmith/security/dependabot/566),
[#567](https://github.com/appsmithorg/appsmith/security/dependabot/567),
[#568](https://github.com/appsmithorg/appsmith/security/dependabot/568),
[#569](https://github.com/appsmithorg/appsmith/security/dependabot/569),
[#570](https://github.com/appsmithorg/appsmith/security/dependabot/570),
[#471](https://github.com/appsmithorg/appsmith/security/dependabot/471),
[#562](https://github.com/appsmithorg/appsmith/security/dependabot/562),
[#564](https://github.com/appsmithorg/appsmith/security/dependabot/564)

**protobufjs + @protobufjs/utf8** (9):
[#621](https://github.com/appsmithorg/appsmith/security/dependabot/621),
[#622](https://github.com/appsmithorg/appsmith/security/dependabot/622),
[#623](https://github.com/appsmithorg/appsmith/security/dependabot/623),
[#624](https://github.com/appsmithorg/appsmith/security/dependabot/624),
[#625](https://github.com/appsmithorg/appsmith/security/dependabot/625),
[#626](https://github.com/appsmithorg/appsmith/security/dependabot/626),
[#627](https://github.com/appsmithorg/appsmith/security/dependabot/627),
[#628](https://github.com/appsmithorg/appsmith/security/dependabot/628),
[#639](https://github.com/appsmithorg/appsmith/security/dependabot/639)

**node-forge** (7):
[#448](https://github.com/appsmithorg/appsmith/security/dependabot/448),
[#449](https://github.com/appsmithorg/appsmith/security/dependabot/449),
[#450](https://github.com/appsmithorg/appsmith/security/dependabot/450),
[#543](https://github.com/appsmithorg/appsmith/security/dependabot/543),
[#554](https://github.com/appsmithorg/appsmith/security/dependabot/554),
[#555](https://github.com/appsmithorg/appsmith/security/dependabot/555),
[#556](https://github.com/appsmithorg/appsmith/security/dependabot/556)

**undici** (6):
[#464](https://github.com/appsmithorg/appsmith/security/dependabot/464),
[#526](https://github.com/appsmithorg/appsmith/security/dependabot/526),
[#527](https://github.com/appsmithorg/appsmith/security/dependabot/527),
[#528](https://github.com/appsmithorg/appsmith/security/dependabot/528),
[#529](https://github.com/appsmithorg/appsmith/security/dependabot/529),
[#530](https://github.com/appsmithorg/appsmith/security/dependabot/530)

**@xmldom/xmldom** (5):
[#560](https://github.com/appsmithorg/appsmith/security/dependabot/560),
[#586](https://github.com/appsmithorg/appsmith/security/dependabot/586),
[#587](https://github.com/appsmithorg/appsmith/security/dependabot/587),
[#588](https://github.com/appsmithorg/appsmith/security/dependabot/588),
[#589](https://github.com/appsmithorg/appsmith/security/dependabot/589)

**minimatch** (3):
[#502](https://github.com/appsmithorg/appsmith/security/dependabot/502),
[#506](https://github.com/appsmithorg/appsmith/security/dependabot/506),
[#508](https://github.com/appsmithorg/appsmith/security/dependabot/508)

**picomatch** (3):
[#540](https://github.com/appsmithorg/appsmith/security/dependabot/540),
[#541](https://github.com/appsmithorg/appsmith/security/dependabot/541),
[#542](https://github.com/appsmithorg/appsmith/security/dependabot/542)

**fast-xml-parser** (3):
[#536](https://github.com/appsmithorg/appsmith/security/dependabot/536),
[#576](https://github.com/appsmithorg/appsmith/security/dependabot/576),
[#591](https://github.com/appsmithorg/appsmith/security/dependabot/591)

**webpack** (2):
[#487](https://github.com/appsmithorg/appsmith/security/dependabot/487),
[#488](https://github.com/appsmithorg/appsmith/security/dependabot/488)

**postcss** (1):
[#595](https://github.com/appsmithorg/appsmith/security/dependabot/595)
**brace-expansion** (1):
[#558](https://github.com/appsmithorg/appsmith/security/dependabot/558)
**defu** (1):
[#571](https://github.com/appsmithorg/appsmith/security/dependabot/571)
**immutable** (1):
[#521](https://github.com/appsmithorg/appsmith/security/dependabot/521)
**js-cookie** (1):
[#634](https://github.com/appsmithorg/appsmith/security/dependabot/634)
**simple-git** (1):
[#615](https://github.com/appsmithorg/appsmith/security/dependabot/615)
**underscore** (1):
[#515](https://github.com/appsmithorg/appsmith/security/dependabot/515)

### Slack Thread
https://theappsmith.slack.com/archives/C09NG5BJ18S/p1780304878402439

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results
<!-- This comment will be updated by the CI/CD pipeline -->

## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Updated `node-forge` dependency to latest version.
* Updated multiple dependency resolutions including `minimatch`,
`webpack`, `postcss`, `axios`, `undici`, and others to ensure
compatibility and stability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/26758373297>
> Commit: 84dcd36
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=26758373297&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Mon, 01 Jun 2026 16:17:46 UTC
<!-- end of auto-generated comment: Cypress test results  -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants