security: vulnerability remediation#129
Open
kernel-internal[bot] wants to merge 1 commit into
Open
Conversation
|
Created a monitoring plan for this PR. What this PR does: Removes a known vulnerable build-time dependency ( Intended effect:
Risks:
|
7c3b0bc to
d52bdcc
Compare
d52bdcc to
612679f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Vulnerability Remediation
Fixed
Not Included
Deferred details
Note
Low Risk
Lockfile-only patch bump of a dev-time JSON Schema validator used by ESLint, with no runtime or auth/data-path changes.
Overview
Addresses GHSA-2g4f-4pwh-qvx6 by updating the resolved
ajvversion inyarn.lockfrom 6.12.6 to 6.14.0 for the existingajv@^6.12.4range (pulled in by ESLint /@eslint/eslintrc).There are no
package.jsonor application code changes—only the lockfile entry and integrity hash for that dependency.Reviewed by Cursor Bugbot for commit 612679f. Bugbot is set up for automated code reviews on this repo. Configure here.