Skip to content

Fix cves#201

Merged
simonrw merged 4 commits intomainfrom
fix-cves
Apr 7, 2026
Merged

Fix cves#201
simonrw merged 4 commits intomainfrom
fix-cves

Conversation

@cloutierMat
Copy link
Copy Markdown
Member

@cloutierMat cloutierMat commented Apr 7, 2026
edited
Loading

Motivation

Even as the dependabot updates are updating our dependencies, some vulnerabilities remained in our npm packages. This PR should solve that for now. We should probably look in the future as to how dependabot could fix those as well during its weekly updates.

Changes

I ran npm update in ./ and ./cdk/ to perform a safe update to both package-lock.json.

Update changelog to prepeare for a security fix release

Test

I manually tested there are no more known vulnerabilities using npm audit

Documents/localstack/appsync-utils  fix-cves ✔
▶ npm audit        
found 0 vulnerabilities

Documents/localstack/appsync-utils  fix-cves ✔
▶ cd cdk

localstack/appsync-utils/cdk  fix-cves ✔
▶ npm audit
found 0 vulnerabilities

@cloutierMat cloutierMat marked this pull request as ready for review April 7, 2026 18:01
@cloutierMat cloutierMat requested a review from simonrw April 7, 2026 18:01
simonrw
simonrw approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@simonrw simonrw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing these

@simonrw simonrw merged commit b444ee8 into main Apr 7, 2026
4 checks passed
@simonrw simonrw deleted the fix-cves branch April 7, 2026 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonrw simonrw simonrw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cloutierMat @simonrw