Skip to content

chore(deps): upgrade dependencies and resolve transitive vulnerabilities#951

Merged
dividedmind merged 1 commit into
mainfrom
chore/bump-deps
Jun 22, 2026
Merged

chore(deps): upgrade dependencies and resolve transitive vulnerabilities#951
dividedmind merged 1 commit into
mainfrom
chore/bump-deps

Conversation

@dividedmind

Copy link
Copy Markdown
Contributor

Upgrade several dependencies across the webview workspace and resolve underlying transitive security vulnerabilities.

Security Improvements:

  • Force 'ws' to 8.21.0 for 'engine.io-client' to resolve CVE-2026-48779 (remote memory exhaustion denial of service).
  • Globally resolve 'uuid' to 11.1.1 to resolve CVE-2026-41907 (out-of-bounds write / memory corruption).

General Dependency Bumps:

  • Upgrade 'mermaid' to 10.9.6, 'dompurify' to 3.4.11, 'postcss' to 8.5.15, 'ip-address' to 10.2.0, 'js-yaml' to 4.2.0, 'qs' to 6.15.2, 'brace-expansion' to 5.0.6, and 'tar' to 7.5.16.

All webview production assets have been successfully rebuilt, bundled, and verified under the JCEF sandbox environment with no runtime or build errors.

Upgrade several dependencies across the webview workspace and resolve
underlying transitive security vulnerabilities.

Security Improvements:
- Force 'ws' to 8.21.0 for 'engine.io-client' to resolve CVE-2026-48779
  (remote memory exhaustion denial of service).
- Globally resolve 'uuid' to 11.1.1 to resolve CVE-2026-41907
  (out-of-bounds write / memory corruption).

General Dependency Bumps:
- Upgrade 'mermaid' to 10.9.6, 'dompurify' to 3.4.11, 'postcss' to
  8.5.15, 'ip-address' to 10.2.0, 'js-yaml' to 4.2.0, 'qs' to 6.15.2,
  'brace-expansion' to 5.0.6, and 'tar' to 7.5.16.

All webview production assets have been successfully rebuilt, bundled,
and verified under the JCEF sandbox environment with no runtime or build
errors.
@dividedmind dividedmind requested a review from Copilot June 22, 2026 16:43
@dividedmind dividedmind self-assigned this Jun 22, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dividedmind dividedmind merged commit 8bacc93 into main Jun 22, 2026
5 checks passed
@appmap-releasebot

Copy link
Copy Markdown

🎉 This PR is included in version 0.85.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants