
fix(DATAGO-125851): Fix SAM minimatch and google-cloud-aiplatform vulnerabilities #1089

Closed
dylanwalsh-solace wants to merge 2 commits into main from
dylanwalsh-solace/DATAGO-125851/fix-minimatch-and-tar-vulnerabilities

dylanwalsh-solace commented Feb 25, 2026

What is the purpose of this change?

How was this change implemented?

  • Override the node dependency version

How was this change tested?

  • Manual testing: [describe scenarios]
  • Unit tests: [new/modified tests]
  • Integration tests: [if applicable]
  • Known limitations: [what wasn't tested]

minimatch and tar

For the minimatch version bump, the brace-expansion dependency uses version ^5.0.2, so it is safe to override the existing brace-expansion override.

npm view minimatch@10.2.1 dependencies
{ 'brace-expansion': '^5.0.2' }

Following npm install:

npm ls minimatch
@SolaceLabs/solace-agent-mesh-ui@1.54.2 /Users/dylan.walsh/Library/CloudStorage/OneDrive-SolaceCorporation/Documents/projects/solace-agent-mesh/client/webui/frontend
├─┬ @storybook/react-vite@10.1.11
│ └─┬ @joshwooding/vite-plugin-react-docgen-typescript@0.6.3
│   └─┬ glob@11.1.0
│     └── minimatch@10.2.4 deduped
├─┬ @tanstack/eslint-plugin-query@5.91.2
│ └─┬ @typescript-eslint/utils@8.53.0
│   └─┬ @typescript-eslint/typescript-estree@8.53.0
│     └── minimatch@10.2.4 deduped
├─┬ eslint-plugin-storybook@10.1.11
│ └─┬ @typescript-eslint/utils@8.35.1
│   └─┬ @typescript-eslint/typescript-estree@8.35.1
│     └── minimatch@10.2.4 deduped
├─┬ eslint@9.30.1
│ ├─┬ @eslint/config-array@0.21.0
│ │ └── minimatch@10.2.4 deduped
│ ├─┬ @eslint/eslintrc@3.3.1
│ │ └── minimatch@10.2.4 deduped
│ └── minimatch@10.2.4 overridden
└─┬ mocha-junit-reporter@2.2.1
  └─┬ mocha@11.7.5
    ├─┬ glob@10.5.0
    │ └── minimatch@10.2.4 deduped
    └── minimatch@10.2.4 deduped

Following pip install and sync:

uv pip show google-cloud-aiplatform
Name: google-cloud-aiplatform
Version: 1.133.0
Location: /Users/dylan.walsh/Library/CloudStorage/OneDrive-SolaceCorporation/Documents/projects/solace-agent-mesh/.venv/lib/python3.11/site-packages
Requires: docstring-parser, google-api-core, google-auth, google-cloud-bigquery, google-cloud-resource-manager, google-cloud-storage, google-genai, packaging, proto-plus, protobuf, pydantic, typing-extensions
Required-by: google-adk

  • minimatch (app dependency): bumping to ^10.2.1
  • google-cloud-aiplatform (app dependency): bumping to 1.133.0
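
A check for the verification step in the description above (running `npm ls minimatch` after applying the override), as an added example that is not part of this PR or the project's code: it walks the JSON form of that tree (`npm ls minimatch --all --json`) and lists every path where the package still resolves below a floor version. The sample tree, its 9.0.5 entry and the function names are constructed for illustration; 10.2.1 is the version named in the description.

```javascript
// Added example: audit the JSON form of `npm ls <pkg> --all --json`.
// SAMPLE_TREE is constructed for illustration; it is not output from this PR.
const SAMPLE_TREE = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    eslint: {
      version: "9.30.1",
      dependencies: {
        minimatch: { version: "10.2.4" },
        "@eslint/config-array": { version: "0.21.0", dependencies: { minimatch: { version: "10.2.4" } } },
      },
    },
    mocha: {
      version: "11.7.5",
      dependencies: {
        // Constructed stale copy that an override failed to reach.
        glob: { version: "10.5.0", dependencies: { minimatch: { version: "9.0.5" } } },
      },
    },
  },
};

// Compare two plain x.y.z versions numerically; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and return every path where `pkg` resolves below `floor`.
function findBelowFloor(node, pkg, floor, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === pkg && dep.version && compareVersions(dep.version, floor) < 0) {
      hits.push(here.join(" > "));
    }
    hits.push(...findBelowFloor(dep, pkg, floor, here));
  }
  return hits;
}

console.log(findBelowFloor(SAMPLE_TREE, "minimatch", "10.2.1"));
```

An empty result means every resolved copy meets the floor; a non-empty one names the parent chain that still pins the older version.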

github-actions bot commented Feb 25, 2026

WhiteSource Policy Violation Summary

✅︎ No Blocking Whitesource Policy Violations found in solaceai/solace-agent-mesh-ui-pr-1089!

dylanwalsh-solace changed the title from "fix(DATAGO-125851): Bump minimatch version" to "fix(DATAGO-125851): Fix SAM minimatch and google-cloud-aiplatform vulnerabilities" on Feb 25, 2026
@sonarqube-solacecloud

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

dylanwalsh-solace deleted the dylanwalsh-solace/DATAGO-125851/fix-minimatch-and-tar-vulnerabilities branch on February 25, 2026 20:45