
fix(security): update dependencies to resolve vulnerabilities #5

Merged: toiroakr merged 1 commit into main from chore/update, Apr 27, 2026
Conversation

@toiroakr
Contributor

Summary

  • Update transitive dependencies to fix security vulnerabilities:
    • protobufjs: 7.5.4 → 8.0.1 (critical: arbitrary code execution)
    • brace-expansion: 1.1.12 → 1.1.14 (medium: DoS via process hang)
    • valibot: 1.1.0 → 1.3.1 (high: ReDoS vulnerability in EMOJI_REGEX)
  • Add pnpm overrides for valibot to force minimum version 1.2.0
  • Enable Renovate for tests directory to ensure future updates

- protobufjs: 7.5.4 -> 8.0.1 (critical: arbitrary code execution)
- brace-expansion: 1.1.12 -> 1.1.14 (medium: DoS)
- valibot: 1.1.0 -> 1.3.1 (high: ReDoS)

Also enable renovate for tests directory
@toiroakr toiroakr requested a review from remiposo April 22, 2026 14:56
@toiroakr toiroakr marked this pull request as ready for review April 22, 2026 14:56
@toiroakr toiroakr merged commit 065a0a8 into main Apr 27, 2026
3 checks passed
@toiroakr toiroakr deleted the chore/update branch April 27, 2026 04:29