Skip to content

chore: Fix security vulnerabilities and modernize stack#6953

Merged
BYK merged 2 commits into
mainfrom
chore/fix-security-advisories
Jan 21, 2026
Merged

chore: Fix security vulnerabilities and modernize stack#6953
BYK merged 2 commits into
mainfrom
chore/fix-security-advisories

Conversation

@BYK

@BYK BYK commented Jan 20, 2026

Copy link
Copy Markdown
Member

Summary

This PR fixes all 7 open Dependabot security alerts by updating dependencies and modernizing the stack.

Changes

  • Node.js: 14.21.1 → 24.0.0 (current LTS)
  • Runtime dependencies:
    • @actions/github: ^5.1.1 → ^7.0.0 (fixes @octokit/* vulnerabilities)
    • @actions/core: ^1.10.0 → ^2.0.0
    • @sentry/node: ^7.12.0 → ^10.0.0 (fixes cookie vulnerability)
  • Test framework: Migrated from Jest to Vitest
  • Sentry API: Updated deprecated getCurrentHub() to startSession()/endSession()
  • Removed obsolete set-value resolution

Security Alerts Fixed

Severity Package Issue
HIGH braces Uncontrolled resource consumption
MEDIUM js-yaml (x2) Prototype pollution
MEDIUM @octokit/request ReDoS vulnerability
MEDIUM @octokit/plugin-paginate-rest ReDoS vulnerability
MEDIUM @octokit/request-error ReDoS vulnerability
LOW cookie Out of bounds characters

BYK added 2 commits January 20, 2026 16:59
- Update Node.js from 14.21.1 to 24.0.0
- Update @actions/github to ^7.0.0 (fixes @octokit/* vulnerabilities)
- Update @actions/core to ^2.0.0
- Update @sentry/node to ^10.0.0 (fixes cookie vulnerability)
- Migrate from Jest to Vitest for testing
- Update Sentry API usage (getCurrentHub -> startSession/endSession)
- Remove obsolete set-value resolution

Fixes 7 Dependabot security alerts:
- braces (HIGH)
- js-yaml x2 (MEDIUM)
- @octokit/request, plugin-paginate-rest, request-error (MEDIUM)
- cookie (LOW)
@BYK BYK marked this pull request as ready for review January 20, 2026 21:29
@BYK BYK requested a review from a team as a code owner January 20, 2026 21:29
@BYK BYK merged commit 6e15507 into main Jan 21, 2026
8 checks passed
@BYK BYK deleted the chore/fix-security-advisories branch January 21, 2026 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant