Skip to content

[dep] Bump jws to fix vulnerability#2079

Merged
Drarig29 merged 2 commits intomasterfrom
corentin.girard/bump-jws
Feb 3, 2026
Merged

[dep] Bump jws to fix vulnerability#2079
Drarig29 merged 2 commits intomasterfrom
corentin.girard/bump-jws

Conversation

@Drarig29
Copy link
Contributor

@Drarig29 Drarig29 commented Feb 2, 2026
edited
Loading

What and why?

https://github.com/DataDog/datadog-ci/security/dependabot/74

yarn why -R jws
├─ @datadog/datadog-ci-plugin-aas@workspace:packages/plugin-aas
│  └─ @azure/identity@npm:4.10.1 (via npm:^4.10.1)
│     └─ @azure/msal-node@npm:3.6.0 (via npm:^3.5.0)
│        └─ jsonwebtoken@npm:9.0.2 (via npm:^9.0.0)
│           └─ jws@npm:3.2.2 (via npm:^3.2.2)
│
├─ @datadog/datadog-ci-plugin-cloud-run@workspace:packages/plugin-cloud-run
│  ├─ @google-cloud/logging@npm:11.2.0 (via npm:^11.2.0)
│  │  ├─ @google-cloud/common@npm:5.0.2 (via npm:^5.0.0)
│  │  │  └─ google-auth-library@npm:9.7.0 (via npm:^9.0.0)
│  │  │     ├─ gtoken@npm:7.1.0 (via npm:^7.0.0)
│  │  │     │  └─ jws@npm:4.0.0 (via npm:^4.0.0)
│  │  │     └─ jws@npm:4.0.0 (via npm:^4.0.0)
│  │  ├─ google-auth-library@npm:9.7.0 (via npm:^9.0.0)
│  │  └─ google-gax@npm:4.3.8 (via npm:^4.0.3)
│  │     └─ google-auth-library@npm:9.7.0 (via npm:^9.3.0)
│  ├─ @google-cloud/run@npm:3.0.0 (via npm:^3.0.0)
│  │  └─ google-gax@npm:5.0.1 (via npm:^5.0.0)
│  │     └─ google-auth-library@npm:10.2.0 (via npm:^10.1.0)
│  │        ├─ gtoken@npm:8.0.0 (via npm:^8.0.0)
│  │        │  └─ jws@npm:4.0.0 (via npm:^4.0.0)
│  │        └─ jws@npm:4.0.0 (via npm:^4.0.0)
│  └─ google-auth-library@npm:10.2.1 (via npm:^10.2.1)
│     ├─ gtoken@npm:8.0.0 (via npm:^8.0.0)
│     └─ jws@npm:4.0.0 (via npm:^4.0.0)
│
└─ @datadog/datadog-ci-plugin-container-app@workspace:packages/plugin-container-app
   └─ @azure/identity@npm:4.10.1 (via npm:^4.10.1)

How?

See commands in each commit.

Review checklist

  • Feature or bugfix MUST have appropriate tests (unit, integration)

@Drarig29 Drarig29 added the dependencies Pull requests that update a dependency file label Feb 2, 2026
@Drarig29 Drarig29 marked this pull request as ready for review February 2, 2026 11:43
@Drarig29 Drarig29 requested a review from a team as a code owner February 2, 2026 11:43
@Drarig29 Drarig29 merged commit 601eccf into master Feb 3, 2026
28 checks passed
@Drarig29 Drarig29 deleted the corentin.girard/bump-jws branch February 3, 2026 09:21
@Drarig29 Drarig29 mentioned this pull request Feb 3, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ava-silver ava-silver ava-silver approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Drarig29 @ava-silver