chore(security): fix ws and body-parser mend vulnerabilities#725
Conversation
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
📝 WalkthroughWalkthroughUpdated ChangesDependency updates
Estimated code review effort: 1 (Trivial) | ~2 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
View your CI Pipeline Execution ↗ for commit 858c05d
💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗ ☁️ Nx Cloud last updated this comment at |
@forgerock/davinci-client
@forgerock/device-client
@forgerock/journey-client
@forgerock/oidc-client
@forgerock/protect
@forgerock/sdk-types
@forgerock/sdk-utilities
@forgerock/iframe-manager
@forgerock/sdk-logger
@forgerock/sdk-oidc
@forgerock/sdk-request-middleware
@forgerock/storage
commit: |
|
Deployed 4415b4a to https://ForgeRock.github.io/ping-javascript-sdk/pr-725/4415b4a96a41d19c5968070a382f57cebf72b6cb branch gh-pages in ForgeRock/ping-javascript-sdk |
Codecov Report✅ All modified and coverable lines are covered by tests. ❌ Your project status has failed because the head coverage (23.13%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## main #725 +/- ##
==========================================
+ Coverage 18.07% 23.13% +5.06%
==========================================
Files 155 161 +6
Lines 24398 25602 +1204
Branches 1203 1613 +410
==========================================
+ Hits 4410 5924 +1514
+ Misses 19988 19678 -310 🚀 New features to boost your workflow:
|
📦 Bundle Size Analysis📦 Bundle Size Analysis🚨 Significant Changes🔻 @forgerock/device-client - 0.0 KB (-10.0 KB, -100.0%) ➖ No Changes➖ @forgerock/device-client - 10.0 KB 14 packages analyzed • Baseline from latest Legend🆕 New package ℹ️ How bundle sizes are calculated
🔄 Updated automatically on each push to this PR |
Summary
Fixes 2 vulnerabilities flagged by the Mend Security Check:
ws@8.21.0, pulled in transitively viavitest→jsdom. Pinned to^8.21.1via a pnpm override in the rootpackage.json.body-parser@2.2.2ine2e/am-mock-api. Bumped thedirect dependency to
^2.3.0.pnpm-lock.yamlregenerated viapnpm installto reflect both changes.Test plan
pnpm installresolveswsto8.21.1andbody-parser(am-mock-api) to2.3.0nx affectedtypecheck/lint/build/api-report pass (pre-commit hook)syncpack lintclean, no version drift introducedSummary by CodeRabbit