Patch for CVE-2025-15284 #399

Merged
SvenVw merged 2 commits into main from hotfix/20260105
Jan 5, 2026

Conversation

@SvenVw
Collaborator

@SvenVw SvenVw commented Jan 5, 2026

Summary by CodeRabbit

  • Security

    • Version 0.26.4 patch release addresses critical security vulnerability CVE-2025-15284. All users are strongly encouraged to upgrade immediately to ensure optimal security and protection of their data.
  • Chores

    • Updated multiple dependencies across the application to latest stable versions, improving overall compatibility, reliability, and security coverage.

@SvenVw SvenVw self-assigned this Jan 5, 2026
@changeset-bot

changeset-bot Bot commented Jan 5, 2026

⚠️ No Changeset found

Latest commit: bcade83

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@github-actions
Contributor

github-actions Bot commented Jan 5, 2026

👋 Hotfix Branch PR Detected!

Before merging this Pull Request into main, please ensure you have finalized the hotfix by manually running the 'Release' workflow on this hotfix/20260105 branch.

This will:

  1. Bump package versions.
  2. Generate changelogs.
  3. Create Git tags.

You can trigger the workflow from the 'Actions' tab, selecting the 'Release' workflow, and choosing this hotfix/20260105 branch.

@coderabbitai
Contributor

coderabbitai Bot commented Jan 5, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

Version bump of fdm-app from 0.26.3 to 0.26.4 with patch updates to 10 dependencies (including @maplibre/maplibre-gl-geocoder, @react-email components, @sentry packages, file-type, flatgeobuf, posthog, and react-hook-form) and workspace catalog entries for @dotenvx/dotenvx and better-auth. Changelog entry added documenting dependency updates for CVE-2025-15284 mitigation.

Changes

Cohort / File(s): Summary

Package Configuration (fdm-app/package.json, pnpm-workspace.yaml): Version bump to 0.26.4 and 10 direct dependency patch/minor updates (@maplibre, @react-email, @sentry, file-type, flatgeobuf, posthog, react-hook-form); workspace catalog updates for @dotenvx/dotenvx and better-auth.

Documentation (fdm-app/CHANGELOG.md): Added 0.26.4 patch release entry documenting dependency updates for CVE-2025-15284 mitigation (commit e367ca6).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • #180: Both PRs bump fdm-app package version and update CHANGELOG with new release entries alongside dependency version updates.
  • #346: Both PRs update the same dependency files (fdm-app/package.json and pnpm-workspace.yaml) with overlapping package version bumps.
  • #382: Both PRs modify package.json and pnpm-workspace.yaml with coordinated dependency version updates across the workspace.

Suggested labels

branch:main

Suggested reviewers

  • gerardhros

Poem

🐰 Dependencies hop and skip in line,
Versions bump, security divine,
CVE patched with careful care,
Changelog notes the update fair,
Forward march, no bugs to spare! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name / Status: Explanation

Title check / ✅ Passed: The title 'Patch for CVE-2025-15284' directly addresses the main change: updating dependencies to patch a specific CVE vulnerability across the codebase.

Docstring Coverage / ✅ Passed: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Description Check / ✅ Passed: Check skipped - CodeRabbit's high-level summary is enabled.

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e367ca6 and bcade83.

📒 Files selected for processing (2)
  • fdm-app/CHANGELOG.md
  • fdm-app/package.json

@codecov

codecov Bot commented Jan 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.47%. Comparing base (3db0cfd) to head (e367ca6).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #399   +/-   ##
=======================================
  Coverage   87.47%   87.47%           
=======================================
  Files          91       91           
  Lines        4559     4559           
  Branches     1391     1391           
=======================================
  Hits         3988     3988           
  Misses        571      571           
Flag / Coverage / Δ
fdm-calculator / 86.98% <ø> / (ø)
fdm-core / 87.66% <ø> / (ø)
fdm-data / 92.12% <ø> / (ø)

Flags with carried forward coverage won't be shown.

@coderabbitai coderabbitai Bot added the labels "bug" (Something isn't working), "dependencies" (Pull requests that update a dependency file) and "fdm-app" Jan 5, 2026
@SvenVw SvenVw merged commit 7d6325e into main Jan 5, 2026
3 of 4 checks passed
@coderabbitai coderabbitai Bot added the "branch:main" (An issue, affecting the main branch, that requires a hotfix) label Jan 5, 2026
@coderabbitai coderabbitai Bot mentioned this pull request Jan 19, 2026
Labels

branch:main (An issue, affecting the main branch, that requires a hotfix), bug (Something isn't working), dependencies (Pull requests that update a dependency file), fdm-app

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant