fix(deps): upgrade deps to fix new vulnerabilities #8070
6bbb2ea to a716756
I see some Integration Tests failures. Probably related to the
- fixed all vulnerabilities of production deps by ensuring latest ajv/minimatch versions are used.
- repository now only has vulnerabilities coming from the verdaccio dev dependency. this can be validated by removing verdaccio and seeing the count drops to: "found 0 vulnerabilities".
Head branch was pushed to by a user without write access
a716756 to 3ac7b26
Alright, I've downgraded the everything vulnerable still only coming from
🤖 I have created a release *beep* *boop*

---

## [24.4.0](v24.3.0...v24.4.0) (2026-03-20)

### Features

* propagate @netlify/build version, primary framework and its version ([#8049](#8049)) ([1db6f6e](1db6f6e))
* support switching to a known user ([#8046](#8046)) ([e460e68](e460e68))

### Bug Fixes

* **deps:** bump h3 from 1.15.5 to 1.15.8 ([#8055](#8055)) ([7a1c8fa](7a1c8fa))
* **deps:** update dependency @netlify/dev to v4.16.3 ([#8053](#8053)) ([4460d87](4460d87))
* **deps:** update dependency @netlify/dev to v4.16.4 ([#8060](#8060)) ([d0491da](d0491da))
* **deps:** update dependency @netlify/dev-utils to v4.4.2 ([#8054](#8054)) ([bdb944f](bdb944f))
* **deps:** update dependency @netlify/dev-utils to v4.4.3 ([#8061](#8061)) ([78b5af9](78b5af9))
* **deps:** update dependency @netlify/edge-functions to v3.0.5 ([#8056](#8056)) ([6254a75](6254a75))
* **deps:** update dependency @netlify/edge-functions to v3.0.6 ([#8063](#8063)) ([7646545](7646545))
* **deps:** update dependency @netlify/functions to v5.1.4 ([#8057](#8057)) ([18d5ccb](18d5ccb))
* **deps:** update dependency @netlify/functions to v5.1.5 ([#8064](#8064)) ([77a9249](77a9249))
* **deps:** update dependency @netlify/images to v1.3.6 ([#8058](#8058)) ([06f564b](06f564b))
* **deps:** update dependency @netlify/images to v1.3.7 ([#8065](#8065)) ([12a3a3f](12a3a3f))
* **deps:** update dependency cookie to v1.1.1 ([#8037](#8037)) ([6e6bcf5](6e6bcf5))
* **deps:** update dependency envinfo to v7.21.0 ([#8039](#8039)) ([08b5fc5](08b5fc5))
* **deps:** update netlify packages ([#8047](#8047)) ([d57ce32](d57ce32))
* **deps:** update netlify packages ([#8062](#8062)) ([3006f8c](3006f8c))
* **deps:** update netlify packages ([#8067](#8067)) ([02632aa](02632aa))
* **deps:** upgrade deps to fix new vulnerabilities ([#8070](#8070)) ([e3655f9](e3655f9))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: token-generator-app[bot] <82042599+token-generator-app[bot]@users.noreply.github.com>
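Summary

- fixed all vulnerabilities of production deps by ensuring latest ajv/minimatch versions are used.
- repository now only has vulnerabilities coming from the verdaccio dev dependency. this can be validated by removing verdaccio and seeing the count drops to: "found 0 vulnerabilities".

A picture of a cute animal (not mandatory, but encouraged)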

(generated using Nano Banana 2)
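
The claim in the summary, that every remaining advisory comes in through the verdaccio dev dependency, can also be checked without uninstalling anything by walking the `effects` links in an `npm audit --json` report up to the direct dependencies. This is an added example, not code from the PR or the repository; the sample reports are constructed, and `example-intermediate` and `prod-lib` are hypothetical package names.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Advisory objects in `via` are trimmed to a placeholder title.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    ajv: { name: 'ajv', isDirect: false, via: [{ title: 'constructed advisory' }], effects: ['example-intermediate'] },
    'example-intermediate': { name: 'example-intermediate', isDirect: false, via: ['ajv'], effects: ['verdaccio'] },
    minimatch: { name: 'minimatch', isDirect: false, via: [{ title: 'constructed advisory' }], effects: ['verdaccio'] },
    verdaccio: { name: 'verdaccio', isDirect: true, via: ['example-intermediate', 'minimatch'], effects: [] },
  },
};

// Same report, but minimatch is now also reachable from a hypothetical production dependency.
const regressedReport = {
  ...sampleReport,
  vulnerabilities: {
    ...sampleReport.vulnerabilities,
    minimatch: { ...sampleReport.vulnerabilities.minimatch, effects: ['verdaccio', 'prod-lib'] },
    'prod-lib': { name: 'prod-lib', isDirect: true, via: ['minimatch'], effects: [] },
  },
};

// Follow `effects` upward from one vulnerable package and collect the direct
// dependencies (isDirect: true) that pull it into the tree. `seen` guards against cycles.
function directRoots(report, name, seen = new Set()) {
  const roots = new Set();
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return roots;
  seen.add(name);
  if (entry.isDirect) roots.add(name);
  for (const parent of entry.effects || []) {
    for (const root of directRoots(report, parent, seen)) roots.add(root);
  }
  return roots;
}

// Return every vulnerable package that is not fully explained by the allowed
// roots. A package with no direct root at all is reported too, since it cannot be attributed.
function unexplained(report, allowedRoots) {
  const allowed = new Set(allowedRoots);
  const findings = [];
  for (const name of Object.keys(report.vulnerabilities)) {
    const roots = [...directRoots(report, name)];
    if (roots.length === 0 || roots.some((r) => !allowed.has(r))) findings.push({ name, roots });
  }
  return findings;
}
```

On a real checkout, pass the parsed output of `npm audit --json` as `report`; an empty result from `unexplained(report, ['verdaccio'])` matches the state the summary describes.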