chore(ci): bump packages #163

Merged
svc-devtoolsbot merged 1 commit into main from ci/bump-packages
Sep 20, 2023

@github-actions
Contributor

  • Bump package versions

@svc-devtoolsbot svc-devtoolsbot merged commit 665d291 into main Sep 20, 2023
@svc-devtoolsbot svc-devtoolsbot deleted the ci/bump-packages branch September 20, 2023 15:14
github-actions Bot added a commit that referenced this pull request Apr 22, 2026
Adds npm overrides to force safe versions of minimatch for packages
that were locked to vulnerable transitive versions:

- mocha pinned minimatch to exactly 3.0.4 (vulnerable: < 3.1.4)
  → override to 3.1.5
- depcheck required ^7.4.6 but was locked to 7.4.6 (vulnerable: < 7.4.8)
  → override to 7.4.9
- @typescript-eslint/typescript-estree required ^9.0.4, locked at 9.0.5
  (vulnerable: < 9.0.7) → override to 9.0.9
- glob@10 required ^9.0.4, locked at 9.0.5 → override to 9.0.9
- ignore-walk, @npmcli/package-json, cacache had minimatch 10.2.0
  locked (vulnerable: < 10.2.3) → override to 10.2.5

Resolves Dependabot alerts: #169, #168, #166, #165, #163, #162, #158, #154, #153, #152

GHSA-23c5-xmqv-rm74 (CVE-2026-27904)
GHSA-7r86-cg39-jmmj (CVE-2026-27903)
GHSA-3ppc-4f35-3m26 (CVE-2026-26996)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
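
One way to confirm that overrides like the ones described in the commit message above took effect is to scan the resolved lockfile for nested minimatch copies still below the quoted thresholds. This is an added example, not code from the repository or the commit: the lockfile contents are constructed, and `findVulnerableMinimatch` and its helpers are hypothetical names.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 3) for minimatch
// copies below the first patched version of their major line.
// Thresholds are the "vulnerable: < x" values quoted in the commit message.
const FIRST_PATCHED = { 3: "3.1.4", 7: "7.4.8", 9: "9.0.7", 10: "10.2.3" };

// Parse "a.b.c" into numbers; prerelease/build suffixes are ignored (simplification).
function parse(v) {
  return v.split(/[-+]/)[0].split(".").map(Number);
}

// True when version a sorts strictly before version b.
function lessThan(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

function findVulnerableMinimatch(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the hoisted copy and every nested copy, but not "@scope/minimatch".
    if (!/(^|\/)node_modules\/minimatch$/.test(path)) continue;
    if (!meta.version) continue; // e.g. workspace links carry no version
    const patched = FIRST_PATCHED[parse(meta.version)[0]];
    // Majors without a threshold on the page are reported as "unknown", not safe.
    if (!patched) findings.push({ path, version: meta.version, status: "unknown" });
    else if (lessThan(meta.version, patched))
      findings.push({ path, version: meta.version, status: "vulnerable", patched });
  }
  return findings;
}

// Constructed sample lockfile: four stale nested copies, two patched ones.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example" },
    "node_modules/minimatch": { version: "9.0.9" },
    "node_modules/mocha/node_modules/minimatch": { version: "3.0.4" },
    "node_modules/depcheck/node_modules/minimatch": { version: "7.4.6" },
    "node_modules/cacache/node_modules/minimatch": { version: "10.2.0" },
    "node_modules/glob/node_modules/minimatch": { version: "9.0.5" },
    "node_modules/ignore-walk/node_modules/minimatch": { version: "10.2.5" },
  },
};
console.log(findVulnerableMinimatch(sampleLock));
```

Run against a real lockfile by passing `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; an empty result after `npm install` means no copy below the listed thresholds remains in the tree.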