Commit 711f2ee

benpbolton and wolfy1339 committed
fix(deps): bump Octokit dependencies to address ReDos vulnerabilities, bump devDependencies (#487)
This aims to resolve #486 npm vulnerabilities with the 20.x branch

Should resolve:

- GHSA-2p57-rm9w-gvfp
- GHSA-3xgq-45jj-v275
- GHSA-67mh-4wv8-2f99
- GHSA-78xj-cgh5-2h22
- GHSA-952p-6rrq-rcjv
- GHSA-9qxr-qj54-h672
- GHSA-9wv6-86v2-598j
- GHSA-c2qf-rxjj-qqgw
- GHSA-c76h-2ccp-4975
- GHSA-c7qv-q95q-8v27
- GHSA-f5x3-32g6-xq36
- GHSA-grv7-fg5c-xmjg
- GHSA-h5c3-5r3r-rr8q
- GHSA-m4v8-wqvr-p9f7
- GHSA-m6fv-jmcg-4jfg
- GHSA-pxg6-pf52-xh8x
- GHSA-qwcr-r2fm-qrc7
- GHSA-rhx6-c78j-4q9w
- GHSA-rmvr-2pp2-xj38
- GHSA-xx4v-prfh-6cgc

----

<!-- Please describe the current behavior that you are modifying. -->

> 31 vulnerabilities (3 low, 18 moderate, 10 high)

![CleanShot 2025-02-21 at 12 06 39](https://github.com/user-attachments/assets/02abda17-8aee-46e3-b808-764672a18475)

<!-- Please describe the behavior or changes that are being added by this PR. -->

> 9 moderate severity vulnerabilities

![CleanShot 2025-02-21 at 12 12 49](https://github.com/user-attachments/assets/10d593d8-9de5-478e-8cde-b5fb81762706)

**Important note**: the remaining reported 'moderate' vulnerabilities for `@octokit/request` and `@octokit/plugin-paginate-rest` for GHSA-h5c3-5r3r-rr8q and GHSA-rmvr-2pp2-xj38 are actually mitigated already; npm audit isn't taking the minor versions properly into account as:

- @octokit/plugin-paginate-rest is patched in `9.2.2` (applied)
- @octokit/request is patched in `8.4.1` (applied)

This is a reporting issue: npm/cli#8125

**Important note**: this PR reduces updates (reduces :() test coverage due to the same challenges discovered in #413 (comment)

- [x] Tests for the changes have been added (for bug fixes / features)
- [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features)

<!-- If this introduces a breaking change make sure to note it here and what the impact might be -->

Please see our docs on [breaking changes](https://github.com/octokit/.github/blob/master/community/breaking_changes.md) to help!

- [ ] Yes
- [x] No

----

---------

Co-authored-by: wolfy1339 <[email protected]>
1 parent 7058346 commit 711f2ee

5 files changed: +2682 -2340 lines changed