
fix: remaining security advisory #896

Merged
ferhatelmas merged 1 commit into master from ferhat/security-bumps
Mar 6, 2026

Conversation

@ferhatelmas (Member) commented Mar 6, 2026

What kind of change does this PR introduce?

Bug fix

What is the current behavior?

Security issues in aws sdk/axios/minimatch/ajv

What is the new behavior?

Bump to versions with fixes.

Additional context

Direct dependency bumps

| Package | From | To | Upstream changes |
| --- | --- | --- | --- |
| @aws-sdk/client-ecs | 3.948.0 | 3.1003.0 | Compare |
| @aws-sdk/client-s3 | 3.948.0 | 3.1003.0 | Compare |
| @aws-sdk/client-s3vectors | 3.948.0 | 3.1003.0 | Compare |
| @aws-sdk/lib-storage | 3.948.0 | 3.1003.0 | Compare |
| @aws-sdk/s3-request-presigner | 3.948.0 | 3.1003.0 | Compare |
| @aws-sdk/s3-presigned-post | 3.948.0 | 3.1003.0 | Compare |
| axios | 1.12.0 | 1.13.6 | Compare, Releases |
| ajv | 8.12.0 | 8.18.0 | Compare, Releases |
| fastify | 5.7.4 | 5.8.1 | Compare, Releases |

Transitive fixes applied through overrides

| Package | From | To | Why it changed | Upstream changes |
| --- | --- | --- | --- | --- |
| minimatch | 3.1.2 | 3.1.5 | Forced via glob@7 consumers | Compare, Releases |
| minimatch | 5.1.6 | 5.1.9 | Forced via filelist@1 | Compare, Releases |
| diff | 4.0.2 | 4.0.4 | Forced via ts-node@9 | Compare, Releases |

Notable transitive security-related movement from the AWS SDK bump

| Package | From | To | Upstream changes |
| --- | --- | --- | --- |
| fast-xml-parser | 5.2.5 | 5.4.1 | Compare, Releases |

Signed-off-by: ferhat elmas <elmas.ferhat@gmail.com>
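After overrides like the ones in this PR are applied, it is worth confirming that no nested copy of the affected packages below the fixed versions survives in package-lock.json, since a parent that pins its own copy can keep an old version alive. The following is an added example, not the project's code: SAMPLE_LOCK is a constructed lockfile fragment, the helper names are hypothetical, and the version floors are taken from the tables above.

```python
import re

# Constructed sample of a package-lock.json (lockfileVersion 3) "packages" map.
# Keys are installation paths, so nested copies of minimatch show up as their
# own entries; the versions here are made up to exercise the check.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "node_modules/minimatch": {"version": "3.1.5"},
        "node_modules/glob/node_modules/minimatch": {"version": "3.1.2"},
        "node_modules/filelist/node_modules/minimatch": {"version": "5.1.9"},
        "node_modules/diff": {"version": "4.0.4"},
        "node_modules/fast-xml-parser": {"version": "5.4.1"},
        "node_modules/axios": {"version": "1.13.6"},
    },
}

# Minimum fixed version per major line, from the PR tables above.
FLOORS = {
    "minimatch": {3: "3.1.5", 5: "5.1.9"},
    "diff": {4: "4.0.4"},
    "fast-xml-parser": {5: "5.4.1"},
    "axios": {1: "1.13.6"},
}

def parse_version(v):
    """Turn '3.1.5' (ignoring any prerelease suffix) into a comparable tuple."""
    core = re.match(r"\d+(?:\.\d+)*", v).group(0)
    return tuple(int(p) for p in core.split("."))

def find_stale(lock, floors=FLOORS):
    """Return [(path, name, version, floor)] for every lockfile entry of a
    tracked package whose version is below the floor for its major line.
    A major line with no floor is reported with floor None rather than
    being silently accepted."""
    stale = []
    for path, entry in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]  # handles scoped names too
        if name not in floors or "version" not in entry:
            continue
        version = entry["version"]
        floor = floors[name].get(parse_version(version)[0])
        if floor is None or parse_version(version) < parse_version(floor):
            stale.append((path, name, version, floor))
    return stale

if __name__ == "__main__":
    for path, name, version, floor in find_stale(SAMPLE_LOCK):
        print(f"{path}: {name}@{version} is below fixed version {floor}")
```

Run it against the real lockfile by replacing SAMPLE_LOCK with the parsed package-lock.json; an empty result means every copy of the tracked packages is at or above the fixed versions.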
@ferhatelmas ferhatelmas requested a review from a team as a code owner March 6, 2026 12:45
coderabbitai bot commented Mar 6, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 5ecaa71 and 304d76c.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Summary by CodeRabbit

  • Chores
    • Updated AWS SDK client libraries and utility dependencies to latest versions
    • Enhanced dependency management with updated resolution overrides

Walkthrough

This pull request updates dependency versions in package.json. AWS SDK client packages (@aws-sdk/client-ecs, @aws-sdk/client-s3, @aws-sdk/client-s3vectors, @aws-sdk/lib-storage, and @aws-sdk/s3-request-presigner) are upgraded from version 3.948.0 to 3.979.0. Minor version bumps are applied to ajv, axios, and fastify. An "overrides" section is introduced to enforce specific transitive dependency versions for minimatch and ts-node. The changes do not modify runtime entrypoints or public APIs.


@ferhatelmas ferhatelmas merged commit bd1edfd into master Mar 6, 2026
4 checks passed
@ferhatelmas ferhatelmas deleted the ferhat/security-bumps branch March 6, 2026 13:32