Skip to content

CCM-13539: Dependabot updates #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simonlabarere merged 5 commits into from
Jan 6, 2026
Merged

CCM-13539: Dependabot updates #130

simonlabarere merged 5 commits into from
Jan 6, 2026

Conversation

@simonlabarere
Copy link
Contributor

@simonlabarere simonlabarere commented Jan 5, 2026
edited
Loading

Description

Address vulnerabilities with:

  • qs
  • node-forge
  • playwright
  • axios
  • auth0/node-jws (jws)
  • werkzeug
  • pip
  • rexml

Notes:

  • jest still using outdated version of glob.
  • aws-lambda still using outdated version of js-yaml

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@simonlabarere simonlabarere requested a review from a team as a code owner January 5, 2026 12:01
@simonlabarere simonlabarere added the dependencies Pull requests that update a dependency file label Jan 5, 2026
This was referenced Jan 5, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@gareth-allan gareth-allan self-assigned this Jan 5, 2026
@lapenna-bjss lapenna-bjss self-assigned this Jan 5, 2026
Ian-Hodges
Ian-Hodges previously approved these changes Jan 5, 2026
View reviewed changes
@Ian-Hodges Ian-Hodges self-assigned this Jan 5, 2026
lapenna-bjss
lapenna-bjss previously approved these changes Jan 5, 2026
View reviewed changes
gareth-allan
gareth-allan previously approved these changes Jan 5, 2026
View reviewed changes
@simonlabarere simonlabarere merged commit 85e845b into main Jan 6, 2026
25 checks passed
@simonlabarere simonlabarere deleted the feature/CCM-13539_dependabot_updates branch January 6, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ian-Hodges Ian-Hodges Ian-Hodges approved these changes

@gareth-allan gareth-allan gareth-allan approved these changes

@lapenna-bjss lapenna-bjss lapenna-bjss left review comments

Assignees

@Ian-Hodges Ian-Hodges

@gareth-allan gareth-allan

@lapenna-bjss lapenna-bjss

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@simonlabarere @Ian-Hodges @gareth-allan @lapenna-bjss