Skip to content

chore(deps): resolve various dependency vulnerabilities#8474

Merged
adi-herwana-nus merged 1 commit into
masterfrom
adi/resolve-vulnerabilities-2026-07
Jul 7, 2026
Merged

chore(deps): resolve various dependency vulnerabilities#8474
adi-herwana-nus merged 1 commit into
masterfrom
adi/resolve-vulnerabilities-2026-07

Conversation

@adi-herwana-nus

Copy link
Copy Markdown
Contributor

No description provided.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Ruby and JavaScript dependencies (and associated lockfiles) to address reported security vulnerabilities across the main app, client bundle, and Playwright test workspace.

Changes:

  • Bump Ruby gems to patched versions (e.g., jwt, nokogiri, faraday, concurrent-ruby) and tighten constraints where applicable.
  • Update client dependencies and lockfile entries (e.g., react-router-dom, webpack-dev-server, and transitive updates like @remix-run/router / launch-editor).
  • Ensure the tests workspace resolves istanbul-lib-processinfo to 3.0.1 via package.json and yarn.lock updates.

Reviewed changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/yarn.lock Updates istanbul-lib-processinfo lock entry to 3.0.1 and removes now-unneeded uuid lock entry.
tests/package.json Adds istanbul-lib-processinfo and a resolution to enforce the patched version in the tests workspace.
Gemfile.lock Bumps multiple gems to patched versions and reflects updated dependency constraints.
Gemfile Pins jwt to ~> 2.10.3 and raises minimum nokogiri version to >= 1.19.4.
client/yarn.lock Updates lockfile entries for react-router-dom/react-router/@remix-run/router, webpack-dev-server, and launch-editor.
client/package.json Bumps react-router-dom and webpack-dev-server versions to patched releases.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@adi-herwana-nus adi-herwana-nus merged commit 071ecbf into master Jul 7, 2026
15 checks passed
@adi-herwana-nus adi-herwana-nus deleted the adi/resolve-vulnerabilities-2026-07 branch July 7, 2026 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants