Skip to content

chore(deps): update vulnerable packages#2859

Open
sjinks wants to merge 1 commit into
trunkfrom
update-vulnerable-deps
Open

chore(deps): update vulnerable packages#2859
sjinks wants to merge 1 commit into
trunkfrom
update-vulnerable-deps

Conversation

@sjinks
Copy link
Copy Markdown
Member

@sjinks sjinks commented May 29, 2026

Purpose and Context

The shrinkwrap includes transitive dependency versions affected by moderate npm audit findings for brace-expansion, protobufjs, and ws. Refreshing these resolutions picks up patched versions for the reported vulnerable ranges.

Key Changes

  • Update brace-expansion, protobufjs, engine.io-client, and ws shrinkwrap entries.
  • Refresh related protobufjs transitive dependency resolutions.

Impact and Considerations

This is a dependency maintenance update with no intended changes to CLI behavior. No migrations or configuration changes are required.

@sjinks
chore(deps): update vulnerable packages
fb3d9d2 
## Purpose and Context

The shrinkwrap includes transitive dependency versions affected by
moderate npm audit findings for brace-expansion, protobufjs, and ws.
Refreshing these resolutions picks up patched versions for the reported
vulnerable ranges.

## Key Changes

- Update brace-expansion, protobufjs, engine.io-client, and ws
  shrinkwrap entries.
- Refresh related protobufjs transitive dependency resolutions.

## Impact and Considerations

This is a dependency maintenance update with no intended CLI behavior
changes. No migrations or configuration changes are required.
@sjinks sjinks self-assigned this May 29, 2026
Copilot AI review requested due to automatic review settings May 29, 2026 15:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 29, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 29, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI reviewed May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

Files not reviewed (1)
  • npm-shrinkwrap.json: Language not supported

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@sjinks sjinks

Labels

dependencies [Status] Needs Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sjinks