
[Snyk] Security upgrade mattermost-redux from 10.8.0 to 11.4.0#180

Open
mm-prodsec-bot wants to merge 1 commit into
mainfrom
snyk-fix-cf6c4be4b1578f85ccb34bb145459941

Conversation


@mm-prodsec-bot mm-prodsec-bot commented Mar 21, 2026

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • webapp/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue                                                                  Score
medium severity: Operation on a Resource after Expiration or Release   465
(SNYK-JS-MATTERMOSTREDUX-15702176)

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Change Impact: 🟠 Medium

Regression Risk: The upgrade from mattermost-redux 10.8.0 to 11.4.0 is flagged as a breaking change and introduces meaningful regression risk. The library is a core dependency providing Client4 (the HTTP client for API communication) and Redux state management utilities. While the import footprint is concentrated in octoClient.ts, the Client4 client is fundamental to all backend API interactions. The vulnerability being fixed ("Operation on a Resource after Expiration or Release") relates to session/resource lifecycle management, which directly impacts authentication, authorization, and async request handling—all critical paths. Breaking changes in this foundational client library could propagate failures across API calls, authentication flows, and data synchronization operations.

QA Recommendation: Comprehensive manual QA is recommended with focus on: (1) authentication flows (login/logout/session recovery), (2) all API operations through Client4 (CRUD operations on boards, blocks, channels), (3) session expiration and token refresh scenarios, (4) concurrent requests and async data loading, (5) error handling and retry logic for API failures. The breaking change designation combined with the vulnerability's resource lifecycle focus warrants thorough testing of authentication and API interaction paths before deployment.

Generated by CodeRabbitAI


coderabbitai Bot commented Mar 21, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d55550e9-e46a-43a7-a955-97bd334c5d56

📥 Commits

Reviewing files that changed from the base of the PR and between bc67146 and 778effc.

📒 Files selected for processing (1)
  • webapp/package.json

📝 Walkthrough

Walkthrough

The webapp/package.json file has been updated to bump the mattermost-redux dependency version from 10.8.0 to 11.4.0. This change modifies the runtime library code resolved from npm for all imports referencing the mattermost-redux package.

Changes

Cohort / File(s)                         Summary
Dependency Update: webapp/package.json   Updated mattermost-redux dependency version from 10.8.0 to 11.4.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name            Status      Explanation
Description Check     ✅ Passed   Check skipped - CodeRabbit's high-level summary is enabled.
Title check           ✅ Passed   The title clearly and specifically identifies the main change: a security upgrade of mattermost-redux from version 10.8.0 to 11.4.0, which matches the single file modification in webapp/package.json.
Docstring Coverage    ✅ Passed   No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.


Comment @coderabbitai help to get the list of available commands and usage tips.

@marianunez marianunez requested a review from Rajat-Dabade March 26, 2026 13:14
Rajat-Dabade (Contributor) commented:

@coderabbitai review this PR


coderabbitai Bot commented Apr 7, 2026

The PR description images show:

  1. A medium severity badge (orange "M" icon from Snyk) associated with the vulnerability being fixed.
  2. A tracking pixel image (a 0×0 Snyk analytics pixel, essentially invisible).

@Rajat-Dabade Sure, I'll review this PR now. It's a Snyk-automated security upgrade of mattermost-redux from 10.8.0 to 11.4.0 in webapp/package.json, addressing a medium severity vulnerability (SNYK-JS-MATTERMOSTREDUX-15702176). Note that Snyk has flagged this as a breaking change, so the review will pay close attention to any potential compatibility issues.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.
