chore: update dependencies to address Dependabot security alerts #3727

Open
aterga wants to merge 1 commit into main from claude/sharp-rosalind

aterga (Collaborator) commented Apr 2, 2026

Summary

  • Updates production lock files (Cargo.lock, package-lock.json) to resolve 12 open Dependabot security alerts
  • No source code modifications — lock file updates only

Rust crates updated (Cargo.lock)

| Crate | From | To | Alert |
|---|---|---|---|
| rustls-webpki | 0.103.8 | 0.103.10 | #408 |
| quinn-proto | 0.11.13 | 0.11.14 | #386 |
| keccak | 0.1.5 | 0.1.6 | #328 |
| time | 0.3.44 | 0.3.47 | #317 |
| bytes | 1.11.0 | 1.11.1 | #315 |
| rsa | 0.9.9 | 0.9.10 | #290 |

npm packages updated (package-lock.json)

| Package | From | To | Alerts |
|---|---|---|---|
| picomatch | 2.3.1 / 4.0.3 | 2.3.2 / 4.0.4 | #415, #418 |
| flatted | 3.4.1 | 3.4.2 | #404 |
| undici | 7.22.0 | 7.24.7 | #394, #395, #397 |

Remaining production alerts (not addressable)

Test plan

  • CI passes (lock-file-only changes)
  • Verify Dependabot auto-closes resolved alerts after merge

🤖 Generated with Claude Code
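
A lock-file check against the "To" versions in the tables above, added here as an example; it is not part of this PR or the project's code. The function names and the sample lock contents are constructed for illustration, and the check assumes a lockfileVersion 2 or 3 `package-lock.json`.

```python
import json
import re

# Floors are the "To" versions from this PR's tables. picomatch has two because
# the lock files carry both its 2.x and 4.x lines.
CARGO_FLOORS = {"rustls-webpki": ["0.103.10"], "quinn-proto": ["0.11.14"],
                "keccak": ["0.1.6"], "time": ["0.3.47"], "bytes": ["1.11.1"],
                "rsa": ["0.9.10"]}
NPM_FLOORS = {"picomatch": ["2.3.2", "4.0.4"], "flatted": ["3.4.2"],
              "undici": ["7.24.7"]}

# Constructed sample lock contents, not taken from the repository.
SAMPLE_CARGO = ('version = 4\n\n[[package]]\nname = "bytes"\nversion = "1.11.0"\n\n'
                '[[package]]\nname = "rsa"\nversion = "0.9.10"\n')
SAMPLE_NPM = json.dumps({"packages": {
    "": {"name": "demo"}, "node_modules/picomatch": {"version": "4.0.4"},
    "node_modules/anymatch/node_modules/picomatch": {"version": "2.3.1"}}})

def parse(version):
    """Numeric (major, minor, patch); pre-release and build suffixes are ignored."""
    return tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())

def line(v):
    """Semver compatibility line: the major version, or (0, minor) for 0.x releases."""
    return v[:1] if v[0] else v[:2]

def below_floor(name, version, floors):
    """True if `version` is older than a floor on the same compatibility line."""
    found = parse(version)
    return any(line(parse(f)) == line(found) and found < parse(f)
               for f in floors.get(name, []))

def cargo_packages(lock_text):
    """Yield (name, version) for each [[package]] entry of a Cargo.lock."""
    for block in lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and version:
            yield name.group(1), version.group(1)

def npm_packages(lock_text):
    """Yield (name, version) from the "packages" map of a v2/v3 package-lock.json."""
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if path and "version" in meta:  # the "" key is the root project
            yield path.rsplit("node_modules/", 1)[-1], meta["version"]

def stale(packages, floors):
    """Sorted (name, version) pairs that are still below a floor."""
    return sorted(p for p in packages if below_floor(*p, floors))
```

Because nested `node_modules` entries are walked too, a transitive copy of a package that stayed on the old version is reported even when the top-level copy was bumped.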

Copilot AI review requested due to automatic review settings April 2, 2026 10:54
aterga requested a review from a team as a code owner April 2, 2026 10:54

Copilot AI (Contributor) left a comment

Copilot wasn't able to review any files in this pull request.

Files not reviewed (3)
  • demos/using-dev-build/package-lock.json: Language not supported
  • src/test_openid_provider/package-lock.json: Language not supported
  • src/try-ii/package-lock.json: Language not supported

aterga requested a review from sea-snake April 2, 2026 14:09

Updates production lock files to resolve 12 open Dependabot alerts.

Rust crates updated (Cargo.lock):
- rustls-webpki 0.103.8 → 0.103.10
- quinn-proto 0.11.13 → 0.11.14
- keccak 0.1.5 → 0.1.6
- time 0.3.44 → 0.3.47
- bytes 1.11.0 → 1.11.1
- rsa 0.9.9 → 0.9.10

npm packages updated (package-lock.json):
- picomatch 2.3.1 → 2.3.2, 4.0.3 → 4.0.4
- flatted 3.4.1 → 3.4.2
- undici 7.22.0 → 7.24.7

Remaining production alerts require breaking changes:
- cookie (#170): stuck behind @sveltejs/kit
- elliptic (#291): no patch available

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

aterga force-pushed the claude/sharp-rosalind branch from 3aab860 to 26112ad April 2, 2026 14:21
aterga requested a review from Copilot April 3, 2026 10:44

Copilot AI (Contributor) left a comment

Copilot wasn't able to review any files in this pull request.

