Skip to content

address follow-redirects dependency vulnerability#8380

Merged
etrepum merged 1 commit intomainfrom
fix/follow-redirects-security-vulnerability
Apr 22, 2026
Merged

address follow-redirects dependency vulnerability#8380
etrepum merged 1 commit intomainfrom
fix/follow-redirects-security-vulnerability

Conversation

@vishisht31
Copy link
Copy Markdown
Contributor

@vishisht31 vishisht31 commented Apr 22, 2026

Description

Describe the changes in this pull request

Updated package.json to manually override the version of the dependency follow-redirects from 1.15.11 to >=1.16.0 to address the security vulnerability.

Package Dependency
Repository: facebook/lexical
Manifest file: pnpm-lock.yaml
Package name: follow-redirects
Affected versions: <= 1.15.11
Fixed in version: 1.16.0

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
lexical Ready Ready Preview, Comment Apr 22, 2026 4:01am
lexical-playground Ready Ready Preview, Comment Apr 22, 2026 4:01am

Request Review

@meta-cla meta-cla Bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Apr 22, 2026
@vishisht31 vishisht31 marked this pull request as ready for review April 22, 2026 04:14
@etrepum etrepum added the extended-tests Run extended e2e tests on a PR label Apr 22, 2026
etrepum
etrepum reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@etrepum etrepum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR title and description does not match the template https://raw.githubusercontent.com/facebook/lexical/refs/heads/main/.github/pull_request_template.md

@potatowagon
Copy link
Copy Markdown
Contributor

potatowagon commented Apr 22, 2026
edited
Loading

This PR title and description does not match the template https://raw.githubusercontent.com/facebook/lexical/refs/heads/main/.github/pull_request_template.md

might be a claude thing. Vishisht is onboarding onto lexical, this is his starter task

@etrepum
Copy link
Copy Markdown
Collaborator

etrepum commented Apr 22, 2026

might be worth adding something to AGENTS.md about following the template, I know from experience that claude can do this correctly if you ask it

@etrepum etrepum added this pull request to the merge queue Apr 22, 2026
Merged via the queue into main with commit d138100 Apr 22, 2026
51 checks passed
@etrepum etrepum mentioned this pull request Apr 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@etrepum etrepum etrepum left review comments

@potatowagon potatowagon potatowagon approved these changes

@zurfyx zurfyx Awaiting requested review from zurfyx zurfyx is a code owner

@fantactuka fantactuka Awaiting requested review from fantactuka fantactuka is a code owner

@acywatson acywatson Awaiting requested review from acywatson acywatson is a code owner

@ivailop7 ivailop7 Awaiting requested review from ivailop7 ivailop7 is a code owner

@takuyakanbr takuyakanbr Awaiting requested review from takuyakanbr takuyakanbr is a code owner

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. extended-tests Run extended e2e tests on a PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vishisht31 @potatowagon @etrepum