Skip to content

chore(deps): bump @salesforce/core to ^8.31.1#448

Merged
msrivastav13 merged 1 commit into
masterfrom
chore/bump-salesforce-core
Jun 19, 2026
Merged

chore(deps): bump @salesforce/core to ^8.31.1#448
msrivastav13 merged 1 commit into
masterfrom
chore/bump-salesforce-core

Conversation

@msrivastav13

Copy link
Copy Markdown
Owner

Summary

Maintenance bump of @salesforce/core from ^8.28.3^8.31.1 (3 minor releases of upstream bug fixes and features). The caret range lets installs resolve to the latest 8.31.x.

Why separate from the security PR

This is intentionally not a security fix. Even the latest @salesforce/core still declares form-data ^4.0.5, which is satisfied by the vulnerable 4.0.5, so bumping core does not resolve any advisory. The vulnerability patches (form-data, uuid, js-yaml) are handled independently in #447 via overrides. Keeping them apart so each PR has a clean, single-purpose diff.

Changes

  • @salesforce/core: ^8.28.3^8.31.1 (package.json + refreshed package-lock.json)

Verification

  • npm ci — syncs cleanly (778 packages)
  • tsc -p . --noEmit — clean
  • npm test57 passing

Note: 8.31.2 is the absolute latest published, but ^8.31.1 already lets CI/normal installs resolve forward to it automatically.

Maintenance update from 8.28.3 -> 8.31.1 (3 minor releases of upstream
bug fixes and features). Caret range lets installs resolve to the
latest 8.31.x. Build clean, all 57 tests pass.

Note: this is a maintenance bump, not a security fix - newer core still
declares form-data ^4.0.5, so the security advisories are handled
separately in the dependency-vulnerabilities PR.
@msrivastav13
msrivastav13 force-pushed the chore/bump-salesforce-core branch from c320dfb to 0120144 Compare June 19, 2026 12:45
@msrivastav13
msrivastav13 merged commit c24df17 into master Jun 19, 2026
2 of 3 checks passed
@msrivastav13
msrivastav13 deleted the chore/bump-salesforce-core branch June 19, 2026 12:45
@msrivastav13 msrivastav13 mentioned this pull request Jun 19, 2026
msrivastav13 added a commit that referenced this pull request Jun 19, 2026
Minor release bundling the changes merged since 1.1.0:
- fix(metadata:rename): resolve -o flag collision hiding default org (#443, #449)
- fix(security): patch all known dependency vulnerabilities (#447)
- chore(deps): bump @salesforce/core to ^8.31.1 (#448)
- docs: use 'sf' instead of 'sfdx' in command examples (#449)

Verified: npm ci clean, 0 vulnerabilities, 57 tests passing, prepack builds.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant