Skip to content

chore: upgrade dependencies to fix Trivy security vulnerabilities @W-20203809@#555

Closed
nrkruk wants to merge 1 commit into
258-patchfrom
nkruk/security-vulnerability-fixes
Closed

chore: upgrade dependencies to fix Trivy security vulnerabilities @W-20203809@#555
nrkruk wants to merge 1 commit into
258-patchfrom
nkruk/security-vulnerability-fixes

Conversation

@nrkruk
Copy link
Copy Markdown
Collaborator

@nrkruk nrkruk commented Nov 12, 2025

What does this PR do?

Upgrades dependencies to resolve critical and high severity security vulnerabilities flagged by Trivy scanner in Code Builder image:

What issues does this PR fix or reference?

@W-20203809@

@nrkruk
chore: upgrade dependencies to fix Trivy security vulnerabilities @W-…
66f4768 
…20203809@

- Upgrade axios from 1.11.0 to 1.12.0 (fixes CVE-2025-58754)
- Force path-to-regexp to 0.1.12 via resolutions (fixes CVE-2024-52798)
- Force esbuild to 0.24.0+ via resolutions (fixes multiple Go stdlib CVEs)
@nrkruk nrkruk requested review from a team as code owners November 12, 2025 22:19
@nrkruk nrkruk self-assigned this Nov 12, 2025
@nrkruk nrkruk added the nomerge Do not merge this PR until label is removed by the author. label Nov 12, 2025
@nrkruk
Copy link
Copy Markdown
Collaborator Author

nrkruk commented Nov 12, 2025

Don't merge this, was just testing to see if Claude could fix this on its own (obviously not)

@nrkruk nrkruk closed this Jan 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@nrkruk nrkruk

Labels

nomerge Do not merge this PR until label is removed by the author.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nrkruk