
fix(deps): bump and lock dependencies to fix vulnerabilities #342

Merged
diatrcz merged 5 commits into main from lt/fix-cve on May 4, 2026

Conversation

@diatrcz
Contributor

@diatrcz diatrcz commented Apr 30, 2026

Due to the recent CVEs, this PR locks the dependency version to prevent security breaches like the recent axios one.

It also bumps most dependencies that cause vulnerabilities shown in npm audit and dependabot.

diatrcz added 3 commits April 30, 2026 10:46
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz diatrcz changed the title Lt/fix CVE fix(deps): bump and lock dependencies to fix vulnerabilities Apr 30, 2026
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz diatrcz marked this pull request as ready for review April 30, 2026 12:33
@diatrcz diatrcz requested a review from pyrooka April 30, 2026 12:36
Member

@pyrooka pyrooka left a comment


Left one question, but it looks good overall!

Comment thread package.json Outdated
"eslint-plugin-jsdoc": "34.6.3",
"eslint-plugin-node": "9.0.0",
"eslint-plugin-prettier": "3.0.1",
"jest": "^29.7.0",
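Review bot: `"jest": "^29.7.0"` still carries a caret range while the neighbouring entries (`eslint-plugin-jsdoc`, `eslint-plugin-node`, `eslint-plugin-prettier`) are pinned exactly, which contradicts the PR's stated goal of locking versions; pin it to the exact resolved version (e.g. `"jest": "29.7.0"`) so an install that does not honour the lockfile cannot resolve a newer minor.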
Member


Is there a reason you left jest out from the version pinning?

Contributor Author


Nope, I fixed it before merging the PR.

Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz diatrcz merged commit 46a93f2 into main May 4, 2026
14 checks passed
@diatrcz diatrcz deleted the lt/fix-cve branch May 4, 2026 12:14
ibm-devx-sdk pushed a commit that referenced this pull request May 4, 2026
## [5.4.13](v5.4.12...v5.4.13) (2026-05-04)

### Bug Fixes

* **deps:** bump and lock dependencies to fix vulnerabilities ([#342](#342)) ([46a93f2](46a93f2))
@ibm-devx-sdk

🎉 This PR is included in version 5.4.13 🎉

The release is available on:

Your semantic-release bot 📦🚀

3 participants