Skip to content

CAAS-3389 bump critical and high packages#23

Merged
marynicholson3 merged 2 commits into
mainfrom
feature/CAAS-3389_bump_critical_and_high
Jan 19, 2026
Merged

CAAS-3389 bump critical and high packages#23
marynicholson3 merged 2 commits into
mainfrom
feature/CAAS-3389_bump_critical_and_high

Conversation

@marynicholson3

@marynicholson3 marynicholson3 commented Jan 7, 2026

Copy link
Copy Markdown
Contributor

Jira
Tested in caas repo using the latest commit hash - evidence on ticket

Significant Changes

  • pnpm lock removed as not used
  • Updated package.json to remove refs to pnpm
  • Needed tool version and that removed from the git ignore
  • bumped aws-sdk to remove axios and form-data vulnerability
  • glob bumped for that vulnerability
  • licences updated using the tool
  • likewise dist/index.js updated using npm run release as per contributing guidance

Checklist

  • Ensure your branch name matches one of the patterns that will trigger the CI checks (feature/** or bugfix/**).
  • Brief description of work completed, and any technical decisions made as part of the PR
  • PR link added as a comment to the relevant JIRA ticket
  • PR Labels have been applied to the Pull Request
  • Reviewers have been assigned (only if specific named reviewers are necessary)
  • PR link shared on Slack and Teams
  • 2 reviews received

@marynicholson3 marynicholson3 self-assigned this Jan 7, 2026
@marynicholson3
marynicholson3 requested a review from a team as a code owner January 7, 2026 15:50
@marynicholson3 marynicholson3 added the dependencies Pull requests that update a dependency file label Jan 7, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jan 7, 2026

Copy link
Copy Markdown

@marynicholson3
marynicholson3 merged commit 5094add into main Jan 19, 2026
13 of 14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants