chore(dep): Resolve dependency vulnerabilities #343

Merged: jamesbhobbs merged 1 commit into main from tk/resolve-vulnerabilities on Mar 2, 2026

@tkislan tkislan commented Mar 2, 2026

Summary by CodeRabbit

Chores

  • Applied security patches to resolve known vulnerabilities in project dependencies.
  • Updated security configuration to reflect remediated advisories.

coderabbitai bot commented Mar 2, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 97eaac7 and 58a46a7.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • .nsprc
  • package.json
💤 Files with no reviewable changes (1)
  • .nsprc

📝 Walkthrough

Updates to two configuration files: removed two security advisory entries from .nsprc, and added three new dependency overrides to package.json (minimatch, bn.js, and serialize-javascript) to pin specific versions addressing known vulnerabilities.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | Title accurately summarizes the main change: resolving dependency vulnerabilities across .nsprc and package.json overrides. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Updates Docs | ✅ Passed | PR is a chore task for dependency vulnerability resolution, not a feature implementation. Documentation updates are correctly not included since no new features are introduced. |

codecov bot commented Mar 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0%. Comparing base (97eaac7) to head (58a46a7).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

@tkislan tkislan marked this pull request as ready for review March 2, 2026 11:23
@tkislan tkislan requested a review from a team as a code owner March 2, 2026 11:23
@jamesbhobbs jamesbhobbs merged commit be35db7 into main Mar 2, 2026
21 of 22 checks passed
@jamesbhobbs jamesbhobbs deleted the tk/resolve-vulnerabilities branch March 2, 2026 11:39