fix(deps): lock and bump versions to avoid CVEs#339

Merged
diatrcz merged 2 commits into main from lt/lock-dependency
May 7, 2026

Contributor

@diatrcz diatrcz commented May 6, 2026

Locks every dependency version in package.json and updates the vulnerabilities found by dependabot.

Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz diatrcz requested a review from pyrooka May 6, 2026 15:10
Member

@pyrooka pyrooka left a comment

Leaving the core to be in a range is fine since it's our package, but shouldn't @types/node be pinned too?

Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz diatrcz requested a review from pyrooka May 6, 2026 16:23
Member

@pyrooka pyrooka left a comment

Looks good!

@diatrcz diatrcz merged commit edd6462 into main May 7, 2026
14 checks passed
@diatrcz diatrcz deleted the lt/lock-dependency branch May 7, 2026 08:45
ibm-devx-sdk pushed a commit that referenced this pull request May 7, 2026
## [0.83.4](v0.83.3...v0.83.4) (2026-05-07)

### Bug Fixes

* **deps:** lock and bump versions to avoid CVEs ([#339](#339)) ([edd6462](edd6462))
@ibm-devx-sdk

🎉 This PR is included in version 0.83.4 🎉

The release is available on:

Your semantic-release bot 📦🚀
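
An added example, not part of this PR or the project's code: a check in the spirit of the review above that flags dependency specs in `package.json` that are not exact versions, while letting an allowlisted first-party package keep a range. The package names, versions and the `@example-org/` scope are constructed placeholders, and the allowlist convention is an assumption of this example.

```javascript
// Added example: flag dependency specs in a package.json object that are not
// pinned to one exact version. Names and versions below are constructed.
// peerDependencies are left out: they are compatibility ranges by design.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Exact semver only: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Returns null for an exact version, otherwise the kind of floating spec.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return null;
  if (/^[a-z+]+:/i.test(s) || s.includes("/")) return "url-or-alias";
  const looksLikeRange = /^[\d^~<>=*]/.test(s) || /^[xX](\.|$)/.test(s);
  if (s === "" || looksLikeRange || s.includes("||")) return "range";
  return "dist-tag"; // e.g. "latest", "next"
}

// allowRanges: exact names, or scope prefixes ending in "/" (hypothetical
// convention). It exempts ranges only; dist-tags and URLs are still reported.
function findUnpinned(pkg, allowRanges = []) {
  const allowed = (name) =>
    allowRanges.some((a) => (a.endsWith("/") ? name.startsWith(a) : name === a));
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind === null || (kind === "range" && allowed(name))) continue;
      findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample manifest; "@example-org/core" stands in for a first-party package.
const samplePkg = {
  dependencies: {
    "@example-org/core": "^2.1.0",
    "example-http": "1.7.4",
    "example-log": "~4.3.0",
  },
  devDependencies: {
    "@types/node": "^20.0.0",
    "example-build": "latest",
    "example-fork": "github:someone/example-fork#main",
  },
};

findUnpinned(samplePkg, ["@example-org/"]).forEach((f) =>
  console.log(`${f.section}: ${f.name}@${f.spec} (${f.kind})`));
```

Exact specs in `package.json` fix only direct dependencies; transitive versions are fixed by the committed lockfile and installing with `npm ci`.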
