Skip to content

chore: apply audit fix #1324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
charIeszhao merged 1 commit into from
Dec 12, 2025
Merged

chore: apply audit fix #1324

charIeszhao merged 1 commit into from
Dec 12, 2025

Conversation

@darcyYe
Copy link
Contributor

@darcyYe darcyYe commented Dec 12, 2025

Summary

apply audit fix

Copilot AI review requested due to automatic review settings December 12, 2025 03:58
@darcyYe darcyYe requested a review from a team December 12, 2025 03:59
Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR applies security audit fixes by adding PNPM overrides for two packages with known vulnerabilities: node-forge and mdast-util-to-hast. The overrides force all transitive dependencies to use patched versions that address security issues.

Key Changes

  • Added override for node-forge@<1.3.2 to ^1.3.2, resolving to version 1.3.3
  • Added override for mdast-util-to-hast@>=13.0.0 <13.2.1 to ^13.2.1, resolving to version 13.2.1
  • Updated lockfile with cascading dependency resolution changes

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Added two new security overrides in the pnpm.overrides section to force minimum versions of vulnerable dependencies
pnpm-lock.yaml Updated lockfile to reflect the new overrides and their transitive dependency resolution, including version bumps for node-forge (1.3.1→1.3.3) and mdast-util-to-hast (13.2.0→13.2.1)
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Dec 12, 2025
edited
Loading

Deploying logto-docs-tutorials with  Cloudflare Pages  Cloudflare Pages

Latest commit: c89619b
Status: ✅  Deploy successful!
Preview URL: https://8be537cb.logto-docs-tutorials.pages.dev
Branch Preview URL: https://yemq-audit-fix-20251212.logto-docs-tutorials.pages.dev

View logs

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Dec 12, 2025
edited
Loading

Deploying logto-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: c89619b
Status: ✅  Deploy successful!
Preview URL: https://8404cb52.logto-docs.pages.dev
Branch Preview URL: https://yemq-audit-fix-20251212.logto-docs.pages.dev

View logs

@charIeszhao charIeszhao merged commit ee9020f into master Dec 12, 2025
25 checks passed
@charIeszhao charIeszhao deleted the yemq-audit-fix-20251212 branch December 12, 2025 04:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@charIeszhao charIeszhao charIeszhao approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@darcyYe @charIeszhao