chore: [sc-13928] CVE-2025-62718: internal-tools-v3, react-addsearch-ui, ready-made-recommendation-widget, admin-panel-react#162

Merged
haoAddsearch merged 2 commits into master from sc-13928/cve-2025-62718
Apr 13, 2026

Conversation

@haoAddsearch haoAddsearch commented Apr 13, 2026

Story details: https://app.shortcut.com/addsearch/story/13928

Summary by CodeRabbit

Release Notes

  • Chores
    • Version bump to 0.10.5
    • Updated package dependencies to latest compatible versions

coderabbitai Bot commented Apr 13, 2026

Walkthrough

Version bump and dependency maintenance: package version incremented from 0.10.4 to 0.10.5, handlebars updated to 4.7.9, and transitive dependency overrides expanded to include brace-expansion, picomatch, and yaml with serialize-javascript also updated.

Changes

Cohort / File(s): Package Version & Dependencies (package.json)
Summary: Bumped package version to 0.10.5; updated handlebars to ^4.7.9; pinned transitive dependencies (brace-expansion 2.1.0, picomatch 2.3.2, yaml 1.10.3); updated serialize-javascript to 7.0.5.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • Sc 13641/patch cv es #160: Continues dependency management work with additional transitive dependency overrides and further version updates following the initial 0.10.4 bump pattern.

Suggested reviewers

  • italo-addsearch
🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)
  • Title check (⚠️ Warning). Explanation: The title mentions CVE-2025-62718 and lists four package names, but the actual changes are limited to package.json dependency updates (handlebars, brace-expansion, picomatch, serialize-javascript, yaml). The title is overly broad and lists packages not modified in this PR. Resolution: Simplify the title to focus on the core change: 'chore: Patch dependencies for CVE-2025-62718' or 'chore: Update handlebars and transitive dependencies for security patches'. Remove the list of unmodified packages.

✅ Passed checks (2 passed)
  • Description Check (✅ Passed): Check skipped - CodeRabbit's high-level summary is enabled.
  • Docstring Coverage (✅ Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
package.json (1)

82-88: Run tests to verify compatibility after dependency updates.

After updating multiple transitive dependencies via overrides, ensure that the test suite passes and that no unexpected behavioral changes have been introduced.

#!/bin/bash
# Description: Verify that tests pass with the updated dependencies.

# Install dependencies with the new overrides
npm install

# Run the test suite
npm test
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` around lines 82 - 88, You updated transitive dependencies in
the package.json "overrides" block (e.g., "braces", "serialize-javascript",
"brace-expansion", "picomatch", "yaml"); run the project test suite to verify
compatibility by installing with the new overrides (npm install) and executing
npm test, examine failing tests or runtime errors, and if any regressions appear
either adjust the overrides, add necessary code fixes, or revert the specific
override causing the breakage and re-run tests and CI until all tests pass.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2c8b759c-0876-42ed-8a78-d68b6a1e1a8d

📥 Commits

Reviewing files that changed from the base of the PR and between 4ae9c01 and 76082be.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
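Running the test suite (as the nitpick above suggests) shows the app still works, but it does not show that the pinned versions actually replaced every nested copy. As an added example that is not part of this PR or the project's code, the Node script below checks each installed copy of an overridden package in package-lock.json against the pins from the walkthrough; the lockfile excerpt is constructed, with one stale nested picomatch copy, to show what a failed override looks like.

```javascript
// Added example, not code from the PR: check every installed copy of a pinned or
// overridden package in package-lock.json against package.json. Overrides apply to
// nested copies too, so one stale copy means the patched version never landed.
const PACKAGE_JSON = { // pins taken from the PR walkthrough
  dependencies: { handlebars: "^4.7.9" },
  overrides: {
    "brace-expansion": "2.1.0",
    picomatch: "2.3.2",
    yaml: "1.10.3",
    "serialize-javascript": "7.0.5",
  },
};
// Constructed lockfileVersion 2/3 excerpt ("packages" keyed by node_modules path):
// one nested copy of picomatch is still stale.
const PACKAGE_LOCK = {
  packages: {
    "node_modules/handlebars": { version: "4.7.9" },
    "node_modules/brace-expansion": { version: "2.1.0" },
    "node_modules/picomatch": { version: "2.3.2" },
    "node_modules/micromatch/node_modules/picomatch": { version: "2.3.1" },
    "node_modules/yaml": { version: "1.10.3" },
    "node_modules/serialize-javascript": { version: "7.0.5" },
  },
};
const parseVersion = (v) => v.replace(/^[\^~]/, "").split(".").map(Number);
// Exact pins must match exactly; "^x.y.z" accepts the same major at >= x.y.z.
function satisfies(installed, spec) {
  const want = parseVersion(spec), have = parseVersion(installed);
  if (!spec.startsWith("^")) return have.join(".") === want.join(".");
  if (have[0] !== want[0]) return false;
  for (let i = 1; i < 3; i++) if (have[i] !== want[i]) return have[i] > want[i];
  return true;
}
// Name is everything after the last "node_modules/" (scoped names stay intact).
function packageName(lockPath) {
  const i = lockPath.lastIndexOf("node_modules/");
  return i < 0 ? null : lockPath.slice(i + "node_modules/".length);
}
// Every lockfile entry whose installed version violates a pin or override.
function findStaleCopies(pkg, lock) {
  const pins = { ...(pkg.dependencies || {}), ...(pkg.overrides || {}) };
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    const spec = pins[packageName(path)];
    if (spec && !satisfies(entry.version, spec))
      stale.push({ path, version: entry.version, expected: spec });
  }
  return stale;
}
for (const s of findStaleCopies(PACKAGE_JSON, PACKAGE_LOCK))
  console.log(`${s.path}: installed ${s.version}, expected ${s.expected}`);
```

Against a real checkout, load the two files with JSON.parse(fs.readFileSync(...)) in place of the constructed objects and fail CI when findStaleCopies returns anything.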

@haoAddsearch haoAddsearch merged commit e996d26 into master Apr 13, 2026
2 checks passed
@haoAddsearch haoAddsearch deleted the sc-13928/cve-2025-62718 branch April 13, 2026 11:25