Skip to content

chore: bump devalue to 5.3.2#10471

Merged
edmundhung merged 3 commits intocloudflare:mainfrom
clintonsteiner:CVE-2025-57820
Aug 28, 2025
Merged

chore: bump devalue to 5.3.2#10471
edmundhung merged 3 commits intocloudflare:mainfrom
clintonsteiner:CVE-2025-57820

Conversation

@clintonsteiner
Copy link
Copy Markdown
Contributor

@clintonsteiner clintonsteiner commented Aug 27, 2025
edited by edmundhung
Loading

Fixes n/a.

Updated devalue version to address GHSA-vj54-72f3-p5jv

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Aug 27, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 1c32592

The changes in this PR will be included in the next version bump.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

dario-piotrowicz
dario-piotrowicz reviewed Aug 27, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@dario-piotrowicz dario-piotrowicz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @clintonsteiner 🙂 , thanks for the PR

How did you update the lock file? didn't you also need to update the respective package.json files?

@edmundhung
Copy link
Copy Markdown
Member

edmundhung commented Aug 27, 2025

Hi @clintonsteiner, thanks for the PR!

I have updated the title to remove the vulnerability reference to avoid confusion . As the devalue package is only used by our local development tools (miniflare and vitest-pool-workers), which are not intended for production usage, so this does not have a direct impact on our users.

That said, we will still move forward with updating to the patched version. Could you update the devalue version in the package.json files of both packages?

@edmundhung edmundhung changed the title CVE-2025-57820: fix vulnerability - update devalue to 5.3.2 chore: bump devalue to 5.3.2 Aug 27, 2025
@clintonsteiner clintonsteiner requested a review from a team as a code owner August 27, 2025 15:35
@github-project-automation github-project-automation bot moved this to Untriaged in workers-sdk Aug 27, 2025
@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new bot commented Aug 27, 2025
edited
Loading

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@10471

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@10471

miniflare

npm i https://pkg.pr.new/miniflare@10471

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@10471

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@10471

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@10471

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@10471

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@10471

wrangler

npm i https://pkg.pr.new/wrangler@10471

commit: 1c32592

@clintonsteiner
Copy link
Copy Markdown
Contributor Author

clintonsteiner commented Aug 27, 2025

Thanks for effort here @edmundhung - apologies for being unavaiable

@github-project-automation github-project-automation bot moved this from Untriaged to Approved in workers-sdk Aug 28, 2025
@edmundhung edmundhung mentioned this pull request Aug 28, 2025
Merged
6 tasks
@edmundhung edmundhung merged commit 38bdb78 into cloudflare:main Aug 28, 2025
30 of 33 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Done in workers-sdk Aug 28, 2025
@workers-devprod workers-devprod added the contribution [Holopin] Recognizes an open-source contribution, big or small label Aug 28, 2025
@holopin-bot
Copy link
Copy Markdown

holopin-bot bot commented Aug 28, 2025

Congratulations @clintonsteiner, the maintainer of this repository has issued you a holobyte! Here it is: https://holopin.io/holobyte/cmevd12rt405907jjsmxj0fa3

This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account.
Or if you're new to Holopin, you can simply sign up with GitHub, which will do the trick!

@workers-devprod workers-devprod mentioned this pull request Aug 28, 2025
Merged
@jamesopstad jamesopstad mentioned this pull request Aug 28, 2025
Closed
@BaseMax BaseMax mentioned this pull request Aug 28, 2025
Closed
@gronxb gronxb mentioned this pull request Aug 29, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dario-piotrowicz dario-piotrowicz dario-piotrowicz left review comments

@jamesopstad jamesopstad jamesopstad approved these changes

Assignees

No one assigned

Labels

contribution [Holopin] Recognizes an open-source contribution, big or small

Projects

workers-sdk
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@clintonsteiner @edmundhung @jamesopstad @dario-piotrowicz @workers-devprod