chore(deps): bump @salesforce/core to ^8.31.1#448
Merged
Conversation
Maintenance update from 8.28.3 -> 8.31.1 (3 minor releases of upstream bug fixes and features). Caret range lets installs resolve to the latest 8.31.x. Build clean, all 57 tests pass. Note: this is a maintenance bump, not a security fix - newer core still declares form-data ^4.0.5, so the security advisories are handled separately in the dependency-vulnerabilities PR.
msrivastav13
force-pushed
the
chore/bump-salesforce-core
branch
from
June 19, 2026 12:45
c320dfb to
0120144
Compare
Merged
msrivastav13
added a commit
that referenced
this pull request
Jun 19, 2026
Minor release bundling the changes merged since 1.1.0: - fix(metadata:rename): resolve -o flag collision hiding default org (#443, #449) - fix(security): patch all known dependency vulnerabilities (#447) - chore(deps): bump @salesforce/core to ^8.31.1 (#448) - docs: use 'sf' instead of 'sfdx' in command examples (#449) Verified: npm ci clean, 0 vulnerabilities, 57 tests passing, prepack builds.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Maintenance bump of
@salesforce/corefrom^8.28.3→^8.31.1(3 minor releases of upstream bug fixes and features). The caret range lets installs resolve to the latest8.31.x.Why separate from the security PR
This is intentionally not a security fix. Even the latest
@salesforce/corestill declaresform-data ^4.0.5, which is satisfied by the vulnerable4.0.5, so bumping core does not resolve any advisory. The vulnerability patches (form-data,uuid,js-yaml) are handled independently in #447 viaoverrides. Keeping them apart so each PR has a clean, single-purpose diff.Changes
@salesforce/core:^8.28.3→^8.31.1(package.json+ refreshedpackage-lock.json)Verification
npm ci— syncs cleanly (778 packages)tsc -p . --noEmit— cleannpm test— 57 passing