Skip to content

fix: address vulnerabilities 2026-04-17#7993

Merged
n1ru4l merged 4 commits intomainfrom
chore-vulnerabilities-2026-04-17-part-1
Apr 17, 2026
Merged

fix: address vulnerabilities 2026-04-17#7993
n1ru4l merged 4 commits intomainfrom
chore-vulnerabilities-2026-04-17-part-1

Conversation

@n1ru4l
Copy link
Copy Markdown
Contributor

@n1ru4l n1ru4l commented Apr 17, 2026

gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates @fastify/static to version 9.1.1 and adds several changeset files addressing various security vulnerabilities. The review feedback highlights the need to update the pnpm-lock.yaml file to ensure transitive vulnerabilities are properly resolved and suggests a capitalization fix in one of the changeset files for consistency.

Comment thread packages/web/app/package.json
"@dnd-kit/utilities": "^3.2.2",
"@fastify/cors": "11.2.0",
"@fastify/static": "9.0.0",
"@fastify/static": "9.1.1",
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The pnpm-lock.yaml file is not updated in this pull request. This prevents the resolution of transitive vulnerabilities mentioned in the changesets (such as GHSA-72c6-fx6q-fr5w and GHSA-v9ww-2j6r-98q6), as they require a lockfile update to pin the secure versions.

Comment thread .changeset/dull-mails-deny.md Outdated
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 17, 2026
edited
Loading

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package Version Info
@graphql-hive/laboratory 0.1.4-alpha-20260417063516-268532b6d757964032f0a3bf76ce5c2215357e61 npm ↗︎ unpkg ↗︎
@graphql-hive/render-laboratory 0.1.4-alpha-20260417063516-268532b6d757964032f0a3bf76ce5c2215357e61 npm ↗︎ unpkg ↗︎
hive 11.0.3-alpha-20260417063516-268532b6d757964032f0a3bf76ce5c2215357e61 npm ↗︎ unpkg ↗︎

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 17, 2026
edited
Loading

🐋 This PR was built and pushed to the following Docker images:

Targets: build

Platforms: linux/amd64

Image Tag: 268532b6d757964032f0a3bf76ce5c2215357e61

@n1ru4l @gemini-code-assist
Update .changeset/dull-mails-deny.md
268532b 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@n1ru4l n1ru4l marked this pull request as ready for review April 17, 2026 06:34
@n1ru4l n1ru4l merged commit 730771f into main Apr 17, 2026
13 checks passed
@n1ru4l n1ru4l deleted the chore-vulnerabilities-2026-04-17-part-1 branch April 17, 2026 06:34
This was referenced Apr 16, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@n1ru4l