DynamoDB Revamp #16708

Merged
gsmithun4 merged 2 commits into main from fix/dynamoDb-revamp
Jun 25, 2026
Conversation

@rudeUltra

Collaborator

No description provided.

@socket-security

socket-security Bot commented Jun 5, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Handlebars.js has JavaScript Injection via AST Type Confusion

CVE: GHSA-2w6w-674q-4c4q Handlebars.js has JavaScript Injection via AST Type Confusion (CRITICAL)

Affected versions: >= 4.0.0 < 4.7.9

Patched version: 4.7.9

From: plugins/package-lock.json npm/handlebars@4.7.8

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.7.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @azure/msal-common is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@azure/msal-common@15.13.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@azure/msal-common@15.13.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @databricks/sql is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@databricks/sql@1.12.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@databricks/sql@1.12.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @protobufjs/float is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@protobufjs/float@1.0.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@protobufjs/float@1.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm bowser is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@aws-sdk/credential-provider-node@3.972.14 npm/@aws-sdk/client-dynamodb@3.1000.0 npm/@aws-sdk/client-sts@3.1000.0 npm/@aws-sdk/lib-dynamodb@3.1000.0 npm/@aws-sdk/client-sesv2@3.1000.0 npm/@aws-sdk/client-s3@3.1000.0 npm/@aws-sdk/credential-providers@3.1000.0 npm/bowser@2.13.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/bowser@2.13.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm commander is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@databricks/sql@1.12.0 npm/commander@9.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/commander@9.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cssom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/jest@27.5.1 npm/cssom@0.3.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.3.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cssom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/jest@27.5.1 npm/cssom@0.4.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cssom@0.4.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm diff-sequences is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/@types/jest@27.5.2 npm/jest@27.5.1 npm/diff-sequences@27.5.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/diff-sequences@27.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-jest is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: plugins/package-lock.json npm/eslint-plugin-jest@24.7.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-jest@24.7.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm rimraf is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: frontend/package-lock.json npm/rimraf@5.0.10

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rimraf@5.0.10. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@srushti-chavanke srushti-chavanke added the create-ee-lts-review-app uses ./docker/LTS/ee/ee-preview.Dockerfile label Jun 8, 2026
@github-actions

github-actions Bot commented Jun 8, 2026

Contributor

🚀 EE LTS Review App Deployed!

Resource Link
App URL https://tooljet-ee-lts-pr-16708.onrender.com
Render Dashboard https://dashboard.render.com/web/srv-d8j47ri8qa3s73eutr30

Deployed using DockerHub-based pipeline - LTS Edition

@github-actions github-actions Bot added active-ee-lts-review-app For lts (github action build and deploy on render)) and removed create-ee-lts-review-app uses ./docker/LTS/ee/ee-preview.Dockerfile labels Jun 8, 2026
@adishM98 adishM98 added the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 9, 2026
@github-actions github-actions Bot removed the active-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 9, 2026
@Mekhla-Asopa Mekhla-Asopa removed the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 23, 2026
@github-actions github-actions Bot added the active-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 23, 2026
@adishM98 adishM98 added the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 23, 2026
@github-actions github-actions Bot removed the active-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 23, 2026
@Mekhla-Asopa Mekhla-Asopa removed the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 24, 2026
@github-actions github-actions Bot added the active-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 24, 2026
@adishM98 adishM98 added the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 24, 2026
@github-actions github-actions Bot removed the active-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 24, 2026
@gsmithun4 gsmithun4 merged commit 860d273 into main Jun 25, 2026
370 of 371 checks passed
@gsmithun4 gsmithun4 deleted the fix/dynamoDb-revamp branch June 25, 2026 06:28
@github-actions github-actions Bot removed the suspend-ee-lts-review-app For lts (github action build and deploy on render)) label Jun 25, 2026
5 participants