
fix(security): resolve node-forge vulnerabilities via pnpm overrides #12

Merged: jmrplens merged 2 commits into main from fix/dependabot-security-updates, Jan 5, 2026
@jmrplens jmrplens commented Jan 5, 2026

This PR resolves security vulnerabilities identified in node-forge (a sub-dependency of sonarqube-scanner) by enforcing version >=1.3.2 using pnpm.overrides. This addresses the reported high and moderate severity vulnerabilities.
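
An added example, not part of this PR or the project's code: a check that the `pnpm.overrides` entry is present in `package.json` and that no `node-forge` version below 1.3.2 remains in `pnpm-lock.yaml`. The function names, the sample manifest and both sample lockfiles are constructed for illustration, and the lockfile key styles the regex accepts are an assumption about the pnpm version in use.

```javascript
// Added example (not from the PR). MIN_VERSION comes from the PR text;
// the file contents below are constructed samples.
const MIN_VERSION = [1, 3, 2];

// Read the pnpm.overrides entry for `name` from package.json text, or null.
function overrideFor(pkgJsonText, name) {
  const overrides = (JSON.parse(pkgJsonText).pnpm || {}).overrides || {};
  return Object.prototype.hasOwnProperty.call(overrides, name) ? overrides[name] : null;
}

// Collect the distinct versions of `name` keyed in pnpm-lock.yaml text.
// Accepts the "/name/1.2.3", "/name@1.2.3" and "name@1.2.3" key styles.
function lockedVersions(lockText, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^\\s+'?/?" + esc + "[@/](\\d+\\.\\d+\\.\\d+)", "gm");
  return [...new Set([...lockText.matchAll(re)].map((m) => m[1]))];
}

// Numeric major.minor.patch comparison; prerelease tags are not considered.
function atLeast(version, min) {
  const parts = version.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== min[i]) return parts[i] > min[i];
  }
  return true;
}

// Report the override in force and any locked versions still below the minimum.
function auditOverride(pkgJsonText, lockText, name = "node-forge") {
  const stale = lockedVersions(lockText, name).filter((v) => !atLeast(v, MIN_VERSION));
  return { override: overrideFor(pkgJsonText, name), stale };
}

// Constructed samples: a manifest with the override, and two lockfiles.
const samplePackageJson = JSON.stringify({
  name: "example-app",
  devDependencies: { "sonarqube-scanner": "*" },
  pnpm: { overrides: { "node-forge": ">=1.3.2" } },
});
const sampleLockFixed =
  "packages:\n\n  node-forge@1.3.2:\n    resolution: {integrity: sha512-PLACEHOLDER}\n";
const sampleLockStale =
  "packages:\n\n  /node-forge@1.3.1:\n    resolution: {integrity: sha512-PLACEHOLDER}\n";

console.log(auditOverride(samplePackageJson, sampleLockFixed));
console.log(auditOverride(samplePackageJson, sampleLockStale));
```

A non-empty `stale` list means the lockfile was not regenerated after the override was added, so the older transitive version would still be installed from a frozen lockfile.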

sonarqubecloud Bot commented Jan 5, 2026

@jmrplens jmrplens merged commit b014ebe into main Jan 5, 2026
4 checks passed
@jmrplens jmrplens deleted the fix/dependabot-security-updates branch January 6, 2026 02:14