[Snyk] Security upgrade vectordb from 0.4.20 to 0.21.2 #12228

cubic-dev-ai · 2026-04-26T08:45:17Z

P1: Update the vectordb version in the core manifest too; changing only binary/package.json does not affect the code path that uses it, so the vulnerable 0.4.20 copy can still be installed and bundled.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At binary/package.json, line 58: <comment>Update the vectordb version in the core manifest too; changing only binary/package.json does not affect the code path that uses it, so the vulnerable 0.4.20 copy can still be installed and bundled.</comment> <file context> @@ -55,7 +55,7 @@ "undici": "^7.24.0", "uuid": "^9.0.1", - "vectordb": "0.4.20", + "vectordb": "0.21.2", "win-ca": "^3.5.1" } </file context>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade vectordb from 0.4.20 to 0.21.2 #12228

Diff view

Diff view

There are no files selected for viewing

cubic-dev-ai Bot Apr 26, 2026 •

edited

Loading

Uh oh!

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up / @@ -55,7 +55,7 @@ @@
         "tar": "^7.5.13",
         "undici": "^7.24.0",
         "uuid": "^9.0.1",
-        "vectordb": "0.4.20",
+        "vectordb": "0.21.2",
         "win-ca": "^3.5.1"
       }
     }

[Snyk] Security upgrade vectordb from 0.4.20 to 0.21.2 #12228

Are you sure you want to change the base?

[Snyk] Security upgrade vectordb from 0.4.20 to 0.21.2 #12228

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

cubic-dev-ai Bot Apr 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

cubic-dev-ai Bot Apr 26, 2026 •

edited

Loading