Skip to content

Security Updates: June 2026#692

Merged
adams85 merged 4 commits into
masterfrom
security-updates-june-2026
Jun 23, 2026
Merged

Security Updates: June 2026#692
adams85 merged 4 commits into
masterfrom
security-updates-june-2026

Conversation

@codedbychavez

Copy link
Copy Markdown
Contributor

Describe the purpose of your pull request

  • Security updates for June 2026

Related issues (only if applicable)

  • Provide links to issues relating to this pull request.

How to test? (only if applicable)

  • What part of the application was affected by the changes? What should be tested?

Requirement checklist

  • I have validated my changes on a test/local environment.
  • I have tested that the code snippets I added work. (Leave unchecked if there are no new code snippets.)
  • I have added my changes to the V1 and V2 documentations.

@codedbychavez codedbychavez requested a review from a team as a code owner June 16, 2026 21:26
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 16, 2026

Copy link
Copy Markdown

Deploying configcat-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: 46fb106
Status: ✅  Deploy successful!
Preview URL: https://dcfcb726.docs-xmy.pages.dev
Branch Preview URL: https://security-updates-june-2026.docs-xmy.pages.dev

View logs

@adams85 adams85 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

npm audit still indicate a lot of vulnerabilities.

We could attempt to fix at least the high severity issues by pinning the problematic transitive dependencies:

  "overrides": {
    "lodash": "^4.18.1",
    "serialize-javascript": "^7.0.5"
  },

Of course, only if this doesn't break the project. (If npm start and npm build work, it will likely be ok.)

laliconfigcat
laliconfigcat previously approved these changes Jun 17, 2026
@laliconfigcat laliconfigcat dismissed their stale review June 17, 2026 11:15

accidentally approved, sorry

@codedbychavez

Copy link
Copy Markdown
Contributor Author

Hi @adams85

Adding the overrides worked! Thank you 🙏

You can have another look.

@codedbychavez codedbychavez requested a review from adams85 June 22, 2026 13:27

@adams85 adams85 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, all looks good now (at least, as far as it's possible 😄).

(The reminder applies here too: let's not forget to remove the overrides once they update the top-level dependency, docusaurus, to reference the patched version.)

@codedbychavez

codedbychavez commented Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Thank you, all looks good now (at least, as far as it's possible 😄).

(The reminder applies here too: let's not forget to remove the overrides once they update the top-level dependency, docusaurus, to reference the patched version.)

Sure, no problem! 📝

@adams85 It seems like the validate_documentExpected — Waiting for status to be reported check is stuck and I can't merge 🤔

@adams85

adams85 commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Looks unrelated to the changes, probably it's just some issue with GitHub.

I'll bypass the checks and merge the PR.

@adams85 adams85 merged commit 36b0280 into master Jun 23, 2026
4 of 5 checks passed
@adams85 adams85 deleted the security-updates-june-2026 branch June 23, 2026 10:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants