chore: Update deps #476

Open
tung2744 wants to merge 4 commits into authgear:master from tung2744:dev-3667
@tung2744

Collaborator

ref DEV-3667

tung2744 and others added 3 commits June 30, 2026 16:00
- Root/reactnative: @babel/core <=7.29.0 → 7.29.7 (GHSA-4x5r-pxfx-6jf8)
- Root/reactnative: ws 6.2.3 → 6.2.4, 7.5.10 → 7.5.11 (GHSA-96hv-2xvq-fx4p)
- Root/reactnative/website: launch-editor <=2.14.0 → 2.14.1 (GHSA-v6wh-96g9-6wx3)
- Root/website: markdown-it <=14.1.1 → 14.2.0 (GHSA-6v5v-wf23-fmfq)
- reactweb/reactnative/website: js-yaml 4.1.1 → 4.2.0 (GHSA-h67p-54hq-rp68, 4.x chain only)
- website: webpack-dev-server → 5.2.5 (GHSA-mx8g-39q3-5c79)

Remaining unfixable without major bumps: js-yaml@3.x via cosmiconfig in
metro-config (react-native upgrade needed), and http-proxy-middleware@2.x
in website (webpack-dev-server still depends on ^2.x).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…a fastlane constraint)

- faraday 1.10.5 → 1.10.6: fixes CVE-2026-54297 (stack exhaustion DoS via
  deeply nested NestedParamsEncoder query params, CVSS 7.5)
- excon 0.112.0: CVE-2026-54171 (header leakage on redirects) requires >= 1.5.0
  but fastlane 2.236.1 constrains excon < 1.0.0; added .bundler-audit.yml to
  ignore until fastlane ships excon 1.x support (already merged in fastlane master)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2 participants