
chore(deps): bump vulnerable website deps to resolve security alerts #1973

Merged: B4nan merged 1 commit into master from chore/security-deps-bump, Jun 17, 2026

Conversation

B4nan (Member) commented Jun 17, 2026

Lockfile-only bumps in the docs website (website/pnpm-lock.yaml) to resolve Dependabot security alerts. No package.json changes; performed via pnpm update ... -r.

Fixed

| Package | Old → New | Severity |
|---|---|---|
| shell-quote | 1.8.3 → 1.8.4 | CRITICAL |
| form-data | 4.0.5 → 4.0.6 | High |
| ws (v7 line) | 7.5.10 → 7.5.11 | High |
| ws (v8 line) | 8.20.0 → 8.21.0 | High |
| @babel/core | 7.29.6 → 7.29.7 | Moderate |
| dompurify | 3.3.3 → 3.4.10 | Moderate |
| joi | 17.13.3 → 17.13.4 | Moderate |
| js-yaml | 4.1.1 → 4.2.0 | Moderate |
| launch-editor | 2.13.2 → 2.14.1 | Moderate |
| markdown-it | 14.1.1 → 14.2.0 | Moderate |

The bulk of the lockfile diff is benign @babel/core@... peer-key churn (the version is embedded as a peer suffix across many dependency keys).

Not addressed here

  • js-yaml 3.14.2 — pulled in transitively by gray-matter@4.0.3, which pins the v3 line. It cannot be moved to v4 without an override (out of scope; lockfile-only update keeps it). The v4 line was bumped to the patched 4.2.0.
  • One dompurify advisory has no fix listed upstream; bumping to 3.4.10 covers the fixable advisories.

🤖 Generated with Claude Code
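As an added post-merge check (not part of this PR or the repository's tooling): a small Node script that verifies a lockfile-only bump by scanning the `packages:` section of pnpm-lock.yaml for any resolved version still below the patched floor from the table above, and separately flagging major lines that have no patched floor at all, which is the gray-matter-pinned js-yaml v3 case this PR leaves open. The lockfile excerpt is constructed, and the key layout it assumes is the pnpm lockfile v9 style (`name@version:` and `name@version(peer@x):` keys).

```javascript
// Floors from the PR table, one per major line; js-yaml v3 deliberately has none.
const PATCHED_FLOORS = {
  'shell-quote': ['1.8.4'], 'form-data': ['4.0.6'], ws: ['7.5.11', '8.21.0'],
  '@babel/core': ['7.29.7'], dompurify: ['3.4.10'], joi: ['17.13.4'],
  'js-yaml': ['4.2.0'], 'launch-editor': ['2.14.1'], 'markdown-it': ['14.2.0'],
};
// Constructed excerpt in pnpm lockfile v9 key layout (assumed); resolution fields omitted.
const SAMPLE_LOCKFILE = `lockfileVersion: '9.0'
packages:
  '@babel/core@7.29.7':
  gray-matter@4.0.3:
  js-yaml@3.14.2:
  js-yaml@4.2.0:
  shell-quote@1.8.3:
  ws@8.21.0(bufferutil@4.0.8):
snapshots:
  gray-matter@4.0.3:
    dependencies:
      js-yaml: 3.14.2
`;
// Numeric major.minor.patch compare; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}
// Keys from the `packages:` section only; `snapshots:` repeats them and would double-count.
function parseResolvedPackages(lockfile) {
  const out = []; let inPackages = false;
  for (const line of lockfile.split('\n')) {
    if (/^\S/.test(line)) { inPackages = line.startsWith('packages:'); continue; }
    const m = inPackages && line.match(/^  '?(@?[^@'\s]+)@(\d+\.\d+\.\d+)[^:]*:\s*$/);
    if (m) out.push({ name: m[1], version: m[2] });
  }
  return out;
}
// Flag versions below their major line's floor, and major lines with no patched
// floor at all (the gray-matter -> js-yaml@3 case this PR leaves open).
function auditLockfile(lockfile, floors = PATCHED_FLOORS) {
  const findings = [];
  for (const { name, version } of parseResolvedPackages(lockfile)) {
    if (!floors[name]) continue;
    const floor = floors[name].find((f) => f.split('.')[0] === version.split('.')[0]);
    if (!floor) findings.push({ name, version, status: 'no-patched-floor' });
    else if (compareVersions(version, floor) < 0) findings.push({ name, version, status: 'below-floor', floor });
  }
  return findings;
}
console.log(auditLockfile(SAMPLE_LOCKFILE));
```

Run against the real website/pnpm-lock.yaml by reading the file instead of the constructed sample; an empty result means every resolved version in the table is at or above its patched floor.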

@B4nan B4nan added the adhoc Ad-hoc unplanned task added during the sprint. label Jun 17, 2026
@github-actions github-actions Bot added this to the 143rd sprint - Tooling team milestone Jun 17, 2026
@github-actions github-actions Bot added the t-tooling Issues with this label are in the ownership of the tooling team. label Jun 17, 2026
codecov Bot commented Jun 17, 2026
Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.94%. Comparing base (a111b26) to head (91f72da).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1973      +/-   ##
==========================================
- Coverage   92.97%   92.94%   -0.03%     
==========================================
  Files         167      167              
  Lines       11737    11737              
==========================================
- Hits        10912    10909       -3     
- Misses        825      828       +3     
| Flag | Coverage Δ |
|---|---|
| unit | 92.94% <ø> (-0.03%) ⬇️ |


@B4nan B4nan requested a review from barjin June 17, 2026 13:56
@B4nan B4nan merged commit b2c7288 into master Jun 17, 2026
34 of 35 checks passed
@B4nan B4nan deleted the chore/security-deps-bump branch June 17, 2026 14:49