Vuln fixes #1424
Vuln fixes #1424
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR downgrades the ibm_db package from version ^3.3.4 to 3.3.0 in the rocketadmin-agent package, adds comprehensive widget system documentation, and updates the yarn.lock file accordingly. The changes include:
- Pinning
ibm_dbto an exact older version - Adding detailed documentation for the widget system
- Updating dependency resolution in yarn.lock
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| rocketadmin-agent/package.json | Downgrades ibm_db from ^3.3.4 to exact version 3.3.0 |
| yarn.lock | Adds dependency resolution entries for ibm_db 3.3.0, axios ^1.7.4, and nan ^2.22.0; removes auto-generated header comments |
| WIDGETS.md | New comprehensive documentation for the widget system including architecture, implementation guide, and testing instructions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| }, | ||
| "optionalDependencies": { | ||
| "ibm_db": "^3.3.4" | ||
| "ibm_db": "3.3.0" |
There was a problem hiding this comment.
The ibm_db version has been changed from ^3.3.4 (allowing patch updates) to an exact version 3.3.0 (pinned). This is a significant downgrade from 3.3.4 to 3.3.0, skipping 4 patch versions. Pinning to an exact version prevents automatic security and bug fixes. If this downgrade is intentional due to a breaking change or bug in 3.3.1-3.3.4, consider documenting the reason in a comment or commit message to help future maintainers understand why this specific version is required.
| "ibm_db": "3.3.0" | |
| "ibm_db": "^3.3.4" |
No description provided.