Skip to content

chore: address vulnerabilities & update community call details#3947

Merged
mkurapov merged 7 commits into
mainfrom
mk/update-deps
Jun 30, 2026
Merged

chore: address vulnerabilities & update community call details#3947
mkurapov merged 7 commits into
mainfrom
mk/update-deps

Conversation

@mkurapov

@mkurapov mkurapov commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Changes proposed in this pull request

  • Addressing vulnerabilities to make Trivy & Grype scans pass
  • Updating community call details

Context

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Make sure that all checks pass
  • Bruno collection updated (if necessary)
  • Documentation issue created with user-docs label (if necessary)
  • OpenAPI specs updated (if necessary)

@netlify

netlify Bot commented Jun 29, 2026

Copy link
Copy Markdown

Deploy Preview for brilliant-pasca-3e80ec canceled.

Name Link
🔨 Latest commit 40f7f09
🔍 Latest deploy log https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/6a42683a32b6a5000820edaa

@github-actions github-actions Bot added the pkg: frontend Changes in the frontend package. label Jun 29, 2026
@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 45.81
  • Iterations/s: 15.28
  • Failed Requests: 0.00% (0 of 2756)
📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test -k -q --vus 4 --duration 1m

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 995 kB 17 kB/s
     data_sent......................: 2.1 MB 35 kB/s
     http_req_blocked...............: avg=7.38µs  min=2.15µs   med=4.51µs   max=1.15ms   p(90)=5.98µs   p(95)=6.66µs  
     http_req_connecting............: avg=591ns   min=0s       med=0s       max=674.05µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=86.64ms min=7.31ms   med=70.21ms  max=455ms    p(90)=147ms    p(95)=166.7ms 
       { expected_response:true }...: avg=86.64ms min=7.31ms   med=70.21ms  max=455ms    p(90)=147ms    p(95)=166.7ms 
     http_req_failed................: 0.00%  ✓ 0         ✗ 2756
     http_req_receiving.............: avg=84.83µs min=23.26µs  med=74.81µs  max=789.33µs p(90)=116.39µs p(95)=147.88µs
     http_req_sending...............: avg=33.39µs min=9.07µs   med=23.3µs   max=1.38ms   p(90)=44.29µs  p(95)=63.4µs  
     http_req_tls_handshaking.......: avg=0s      min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=86.52ms min=7.17ms   med=70.04ms  max=454.93ms p(90)=146.88ms p(95)=166.59ms
     http_reqs......................: 2756   45.814343/s
     iteration_duration.............: avg=261.5ms min=163.55ms med=248.94ms max=899.68ms p(90)=319.39ms p(95)=362.97ms
     iterations.....................: 919    15.276989/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

Comment thread .trivyignore
CVE-2026-29786 exp:2026-06-01
CVE-2026-31802 exp:2026-06-01
CVE-2026-22184 exp:2026-06-01 No newline at end of file
CVE-2026-12151 No newline at end of file

@mkurapov mkurapov Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@github-actions github-actions Bot added the type: ci Changes to the CI label Jun 29, 2026
@mkurapov mkurapov changed the title chore: update packages to address vulns chore: address vulnerabilities & remove monthly sync action Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mkurapov mkurapov changed the title chore: address vulnerabilities & remove monthly sync action chore: address vulnerabilities & update community call details Jun 29, 2026
Comment thread package.json
"undici@>=5.0.0": "^8.3.0",
"undici@>=6.0.0": "^6.24.0",
"undici@>=6.0.0": "^6.27.0",
"@grpc/grpc-js@>=1.0.0": "^1.10.12",

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used by a bunch of the open telemetry libraries, adding override instead of chasing updates for each of them.

Comment thread package.json
"qs@<6.14.1": ">=6.14.1",
"@apollo/server": "^5.5.0"
"@apollo/server": "^5.5.0",
"turbo-stream": "^3.0.0"

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

turbo-stream is a dependency of remix packages, waiting for those packages to upgrade this library

@mkurapov mkurapov merged commit 2dcb3c5 into main Jun 30, 2026
58 checks passed
@mkurapov mkurapov deleted the mk/update-deps branch June 30, 2026 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

pkg: frontend Changes in the frontend package. pkg: mock-ase type: ci Changes to the CI

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants