
fix(deps): upgrade dbus-next to maintained Holusion fork and resolve security alerts #28

Merged
flexiondotorg merged 1 commit into main from updates
Mar 23, 2026


@flexiondotorg
Member

Description

  • Replace dbus-next@^0.10.2 with @holusion/dbus-next@^0.11.2
  • Remove dbus-next's usocket native addon dependency, eliminating downstream tar/form-data/qs/tough-cookie vulnerabilities
  • Remove xml2js from npm overrides (now handled by Holusion fork)
  • Add undici override to cover Discord RPC transitive dependencies
  • Update import paths in src/integrations/mpris/index.ts to use @holusion/dbus-next
  • Add npm audit to test recipe for ongoing vulnerability detection

Additional Context

Resolves 17 Dependabot security alerts.

Checklist

  • I have performed a self-review of my code
  • I have tested my changes and confirmed there are no regressions
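
A check that could run alongside `npm audit` to confirm the swap actually took effect in the lockfile (an added example, not part of this pull request or the project's code). It assumes a `package-lock.json` with lockfileVersion 2 or 3; the function names are hypothetical and the lockfile excerpts are constructed.

```javascript
// Added example: not code from this pull request.
// Package names come from the PR description; everything else is an assumption.
const BANNED = ["dbus-next", "usocket"];   // should be gone after the swap
const REQUIRED = ["@holusion/dbus-next"];  // the replacement fork

// Map a lockfile "packages" key such as
// "node_modules/a/node_modules/@scope/b" to the package name "@scope/b".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Check a parsed package-lock.json. Names are compared exactly, because a
// substring search for "dbus-next" would also match "@holusion/dbus-next".
function checkLockfile(lock, banned = BANNED, required = REQUIRED) {
  const seen = new Map(); // package name -> lockfile paths where it is installed
  for (const path of Object.keys(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (name === null) continue; // "" is the root project entry
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(path);
  }
  const stillPresent = banned.flatMap((n) => seen.get(n) || []);
  const missing = required.filter((n) => !seen.has(n));
  return { ok: stillPresent.length === 0 && missing.length === 0, stillPresent, missing };
}

// Constructed lockfile excerpts (version and integrity fields omitted).
const beforeLock = { lockfileVersion: 3, packages: {
  "": {},
  "node_modules/dbus-next": {},
  "node_modules/dbus-next/node_modules/usocket": {},
} };
const afterLock = { lockfileVersion: 3, packages: {
  "": {},
  "node_modules/@holusion/dbus-next": {},
} };

console.log("before:", checkLockfile(beforeLock));
console.log("after: ", checkLockfile(afterLock));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `checkLockfile` and fail the test recipe when `ok` is false.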

…security alerts

- Replace dbus-next@^0.10.2 with @holusion/dbus-next@^0.11.2
- Remove dbus-next's usocket native addon dependency, eliminating
  downstream tar/form-data/qs/tough-cookie vulnerabilities
- Remove xml2js from npm overrides (now handled by Holusion fork)
- Add undici override to cover Discord RPC transitive dependencies
- Update import paths in src/integrations/mpris/index.ts to use
  @holusion/dbus-next
- Add npm audit to test recipe for ongoing vulnerability detection

Resolves 17 Dependabot security alerts.

Signed-off-by: Martin Wimpress <code@wimpress.io>
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 4 files

@flexiondotorg flexiondotorg merged commit c5d898e into main Mar 23, 2026
11 checks passed
@flexiondotorg flexiondotorg deleted the updates branch March 23, 2026 16:26