Skip to content

fix: update debug dependency #4502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: next
Choose a base branch
from
Open

fix: update debug dependency #4502

wants to merge 6 commits into from

Conversation

lialang-cisco
Copy link
Contributor

@lialang-cisco lialang-cisco commented Sep 26, 2025
edited
Loading

COMPLETES # CX-21573

This pull request addresses

Ref: GHSA-4x49-vf9v-38px

On September 8th, a compromised version of the debug package was published to npm. debug is a dependency of this project. Fortunately, from the history of yarn.lock we can tell that the compromised version was never picked up in this project.

by making the following changes

  • Update the required version of debug to 4.4.3, the latest (fixed) version.
  • Update the lock file.

Change Type

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Tooling change
  • Internal code refactor

The following scenarios were tested

Basic sanity tests on messaging, meetings and calling.

The GAI Coding Policy And Copyright Annotation Best Practices

  • GAI was not used (or, no additional notation is required)
  • Code was generated entirely by GAI
  • GAI was used to create a draft that was subsequently customized or modified
  • Coder created a draft manually that was non-substantively modified by GAI (e.g., refactoring was performed by GAI on manually written code)
  • Tool used for AI assistance (GitHub Copilot / Other - specify)
    • Github Copilot
    • Other - Please Specify
  • This PR is related to
    • Feature
    • Defect fix
    • Tech Debt
    • Automation

I certified that

  • I have read and followed contributing guidelines
  • I discussed changes with code owners prior to submitting this pull request
  • I have not skipped any automated checks
  • All existing and new tests passed
  • I have updated the documentation accordingly

Make sure to have followed the contributing guidelines before submitting.

@lialang-cisco lialang-cisco requested review from a team as code owners September 26, 2025 08:16
@aws-amplify-us-east-2 AWS Amplify (us-east-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-4502.d3m3l2kee0btzx.amplifyapp.com

@adhmenon adhmenon added the validated If the pull request is validated for automation. label Sep 26, 2025
@rarajes2
Copy link
Contributor

Can you please update the The following scenarios were tested section with basic sanity tests on the messaging, meeting, and calling ?

@lialang-cisco
Copy link
Contributor Author

Done now @rarajes2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robstax robstax robstax approved these changes

@adhmenon adhmenon adhmenon approved these changes

@rarajes2 rarajes2 rarajes2 approved these changes

Assignees

No one assigned

Labels

validated If the pull request is validated for automation.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lialang-cisco @rarajes2 @robstax @adhmenon