
fix: fixed stylus vulnerability by using the npm provided - 0.0.1-security version #8592


Merged
merged 1 commit into from
Jul 23, 2025

Conversation

SagarRajput-7
Contributor

@SagarRajput-7 SagarRajput-7 commented Jul 23, 2025

📄 Summary

Fix: Add yarn resolution for stylus security vulnerability

Issue

The typescript-plugin-css-modules package depends on stylus@^0.59.0 (v5.0.1) or stylus@^0.62.0 (v5.1.0), which contains known security vulnerabilities.

Why upgrading the dependent package doesn't solve this

  • Even the latest typescript-plugin-css-modules@5.1.0 still requires stylus@^0.62.0
  • The original stylus package has been replaced in npm registry with stylus@0.0.1-security (a security stub)
  • Without explicit resolution, yarn shows warnings about version mismatches

Solution

Added yarn resolution to explicitly force stylus@0.0.1-security:

"resolutions": {
  "stylus": "0.0.1-security"
}

Debugging / Testing

  • yarn install completes without security warnings
  • yarn build runs fine
  • yarn why stylus shows forced resolution working correctly

✅ Changes

  • Feature: Brief description
  • Bug fix: Brief description

🏷️ Required: Add Relevant Labels

⚠️ Manually add appropriate labels in the PR sidebar
Please select one or more labels (as applicable):

ex:

  • frontend
  • backend
  • devops
  • bug
  • enhancement
  • ui
  • test

👥 Reviewers

Tag the relevant teams for review:

  • frontend / backend / devops

🧪 How to Test

  1. ...
  2. ...
  3. ...

🔍 Related Issues

Closes #


📸 Screenshots / Screen Recording (if applicable / mandatory for UI related changes)


📋 Checklist

  • Dev Review
  • Test cases added (Unit/ Integration / E2E)
  • Manually tested the changes

👀 Notes for Reviewers


Important

Update stylus to 0.0.1-security in package.json to fix a security vulnerability.

  • Dependencies:
    • Update stylus to version 0.0.1-security in package.json to address a security vulnerability.

This description was created by Ellipsis for c9c61de. You can customize this summary. It will automatically update as commits are pushed.
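Added example, not code from the PR or the project it targets: a small Node script that checks from package.json and yarn.lock alone whether a yarn "resolutions" pin was actually honoured for every transitive range of the pinned package, which is what the manual "yarn why stylus" step above confirms. The package.json fragment and the yarn.lock (v1 format) excerpt are constructed sample input.

```javascript
// Constructed sample package.json fragment (only the fields the check needs).
const pkg = {
  devDependencies: { "typescript-plugin-css-modules": "^5.1.0" },
  resolutions: { stylus: "0.0.1-security" },
};

// Constructed yarn.lock (v1 format) excerpt: what yarn writes once the
// transitive stylus range from typescript-plugin-css-modules is forced to the stub.
const lock = `
"typescript-plugin-css-modules@^5.1.0":
  version "5.1.0"
  dependencies:
    stylus "^0.62.0"

stylus@^0.62.0:
  version "0.0.1-security"
`;

// Parse a yarn v1 lockfile into { "<name>@<range>": { version } }. Header lines
// are unindented, comma-separated "name@range" keys (optionally quoted) ending in ":".
function parseYarnLock(text) {
  const entries = {};
  let current = [];
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      current = line.replace(/:\s*$/, "").split(",")
        .map((k) => k.trim().replace(/^"|"$/g, ""));
      for (const key of current) entries[key] = {};
      continue;
    }
    const m = line.match(/^  version "([^"]+)"/);
    if (m) for (const key of current) entries[key].version = m[1];
  }
  return entries;
}

// For every package pinned under "resolutions", list lockfile entries whose resolved
// version differs from the pin; an empty list means the pin took effect everywhere.
// lastIndexOf("@") keeps scoped names such as "@scope/pkg@^1.0.0" intact.
function unresolvedPins(pkgJson, lockText) {
  const entries = parseYarnLock(lockText);
  const problems = [];
  for (const [name, pinned] of Object.entries(pkgJson.resolutions || {})) {
    for (const [key, entry] of Object.entries(entries)) {
      if (key.slice(0, key.lastIndexOf("@")) !== name) continue;
      if (entry.version !== pinned) problems.push(`${key} -> ${entry.version}`);
    }
  }
  return problems;
}

console.log(unresolvedPins(pkg, lock)); // [] once the resolution is honoured
```

Running it against the lockfile from before the resolution was added would instead report the range that still resolves to the original stylus release.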

@SagarRajput-7 SagarRajput-7 requested review from YounixM and a team as code owners July 23, 2025 08:15
@github-actions github-actions bot added the bug Something isn't working label Jul 23, 2025
@ellipsis-dev ellipsis-dev bot left a comment


Important

Looks good to me! 👍

Reviewed everything up to c9c61de in 57 seconds. Click for details.
  • Reviewed 13 lines of code in 1 files
  • Skipped 1 files when reviewing.
  • Skipped posting 1 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. frontend/package.json:258
  • Draft comment:
    The diff only updates the dependency 'stylus' to version 0.0.1-security for a vulnerability fix. However, the issue description mentions fixing an API call (ensuring URL params are correctly passed) and adding tests for it. This PR does not include those changes.
  • Reason this comment was not posted:
    Comment did not seem useful. Confidence is useful = 0% <= threshold 50%.
    The comment is pointing out a discrepancy between the PR description and the actual changes made in the PR. However, it is asking the author to update the PR description, which is against the rules. The comment is not providing a specific code suggestion or asking for a specific test to be written. Therefore, it should be removed.

Workflow ID: wflow_bmadGhhBw8RefZ3X

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@SagarRajput-7 SagarRajput-7 merged commit 08db2fe into main Jul 23, 2025
15 checks passed
@SagarRajput-7 SagarRajput-7 deleted the fix-stylus-issue branch July 23, 2025 08:55