Conversation

@darcyYe
Contributor

@darcyYe darcyYe commented Dec 12, 2025

Summary

apply audit fix

Testing

N/A

Checklist

  • .changeset
  • unit tests
  • integration tests
  • necessary TSDoc comments

Copilot AI left a comment

Pull request overview

This PR applies a security audit fix by upgrading the node-forge package from version 1.3.1 to 1.3.3 to address a known security vulnerability in versions prior to 1.3.2.

Key Changes

  • Added pnpm override for node-forge@<1.3.2 to force minimum version ^1.3.2
  • Updated all node-forge references in the lockfile from version 1.3.1 to 1.3.3
  • Maintained consistency across 4 dependency snapshots in the lockfile

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Added pnpm override entry to force node-forge versions below 1.3.2 to upgrade to at least 1.3.2 |
| pnpm-lock.yaml | Updated all node-forge package references from 1.3.1 to 1.3.3, including package resolution and dependency snapshots for @expo/prebuild-config, @expo/code-signing-certificates, and selfsigned packages |

The changes are consistent and follow the established pattern for security-related dependency overrides in this codebase. The override correctly specifies that any node-forge version below 1.3.2 should be replaced with ^1.3.2, and pnpm has resolved this to the latest available patch version 1.3.3. All references in the lockfile have been updated consistently.

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported


@charIeszhao charIeszhao merged commit 8feb7ea into master Dec 12, 2025
8 checks passed
@charIeszhao charIeszhao deleted the yemq-audit-fix-20251212 branch December 12, 2025 04:49
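
An added example, not part of this pull request or the project's code: one way to confirm that an override like the one described in the review overview left no node-forge entry below 1.3.2 in the lockfile. The lockfile excerpt is constructed, the function names are hypothetical, and the scan assumes lockfile keys of the form `node-forge@x.y.z` with snapshot entries of the form `node-forge: x.y.z`.

```javascript
// Added example: flag lockfile lines that still pin a package below a version floor.
// SAMPLE_LOCK is a constructed excerpt (placeholder hashes and dependent versions).
const SAMPLE_LOCK = `
packages:

  node-forge@1.3.1:
    resolution: {integrity: sha512-CONSTRUCTED}

  node-forge@1.3.3:
    resolution: {integrity: sha512-CONSTRUCTED}

snapshots:

  selfsigned@0.0.0:
    dependencies:
      node-forge: 1.3.1

  '@expo/code-signing-certificates@0.0.0':
    dependencies:
      node-forge: 1.3.3
`;

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i += 1) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return every line where `pkg` resolves to a version lower than `floor`.
function findStaleVersions(lockText, pkg, floor) {
  const escaped = pkg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  // "pkg@1.2.3" (package keys) or "pkg: 1.2.3" (snapshot dependency entries);
  // the lookbehind skips names that merely end in pkg, such as "@scope/pkg".
  const pattern = new RegExp(`(?<![\\w/-])${escaped}(?:@|:\\s+)(\\d+\\.\\d+\\.\\d+)`);
  const hits = [];
  lockText.split('\n').forEach((line, index) => {
    const match = pattern.exec(line);
    if (match && compareVersions(match[1], floor) < 0) {
      hits.push({ line: index + 1, version: match[1], text: line.trim() });
    }
  });
  return hits;
}

console.log(findStaleVersions(SAMPLE_LOCK, 'node-forge', '1.3.2'));
```

Run against a real lockfile by reading it with `fs.readFileSync` and failing the CI job when the returned array is non-empty.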