Skip to content

Janmooij/scc 3443#208

Closed
janmooij wants to merge 70 commits intoUnleash:mainfrom
checkout-anywhere:janmooij/SCC-3443
Closed

Janmooij/scc 3443#208
janmooij wants to merge 70 commits intoUnleash:mainfrom
checkout-anywhere:janmooij/SCC-3443

Conversation

@janmooij
Copy link
Copy Markdown

@janmooij janmooij commented Jul 18, 2025

About the changes

Fixes https://github.com/checkout-anywhere/unleash-proxy/security/dependabot/5

Important files

Discussion points

robmonct and others added 30 commits September 11, 2023 10:55
@robmonct
remove workflows. Bump to node:20
938d4d8
@robmonct
remove workflows. Bump to node:20
52e9217
@robmonct
remove workflows. Bump to node:20
7bcecf3
@robmonct
Merge branch 'Unleash:main' into main
d781a1f
@robmonct
Merge branch 'Unleash:main' into main
c661305
@robmonct
Merge branch 'Unleash:main' into main
e8e3174
@robmonct
fix: CVE-2023-5363
5b4640f
@robmonct
Merge branch 'Unleash:main' into main
5293a1d
@robmonct
revert fix: CVE-2023-5363
846190e
@robmonct
fix: CVE-2023-6129
56a6776
@robmonct
Merge branch 'Unleash:main' into main
ac1f190
@robmonct
chore: Revert bump to node:20
455345d
@robmonct
fix: CVE-2023-6129
cd5f3c6
@robmonct
remove workflows. Bump to node:20
ede5ec2
@robmonct
remove workflows. Bump to node:20
2cb3bc9
@robmonct
remove workflows. Bump to node:20
af444fa
@robmonct
revert fix: CVE-2023-5363
eff3aa6
@robmonct
fix: CVE-2023-6129
6141eb9
@robmonct
chore: Revert bump to node:20
eea8113
@robmonct
chore(deps): bump npm to avoid CVE-2023-42282
80cd471
@robmonct
Merge branch 'main' of github.com:checkout-anywhere/unleash-proxy
1fb931a 
# Conflicts:
#	Dockerfile
@robmonct
revert fix: CVE-2023-5363
b85b4cc
@robmonct
chore(deps): bump npm to avoid CVE-2023-42282
9f4c1c2
@robmonct
chore(deps): bump npm to avoid CVE-2023-42282
546d81d
@robmonct
chore(deps): bump npm to avoid CVE-2023-42282
9f41e89
@robmonct
Merge branch 'Unleash:main' into main
f03c67b
@robmonct
chore(deps): bump express to avoid CVE-2024-29041
7f8f7a3
@robmonct
chore(deps): bump npm to avoid CVE-2024-28863. Bump libssl3 libcrypto…
9ab28f2 
…3 to avoid CVE-2024-2511
@robmonct
chore(deps): bump npm to avoid CVE-2024-28863
b80907c
@robmonct
chore(deps): bump npm to avoid CVE-2024-28863
468d28e
robmonct and others added 26 commits October 2, 2024 13:21
@robmonct
build(deps): bump packages
5d9a666
@robmonct
fix(deps): Added cookie override
dc208d3
@robmonct
fix(deps): Added cross-spawn fix
d22d6bc
@robmonct
fix(deps): Added cross-spawn fix
c8f63bc
@janmooij
fix(ci): path-to-regexp vulnerability
6c8cb8f
@robmonct
Merge pull request #1 from checkout-anywhere/janmooij/SCC-2781
ee77c03 
fix(ci): path-to-regexp vulnerability
@robmonct
fix(ci): fix issue with ubuntu24.04
281dd9d
@robmonct
fix(ci): fix issue with buildx v0.19.1
57bad65
@robmonct
fix(ci): check runc version
71b074a
@robmonct
fix(ci): check runc version
cfa411c
@robmonct
fix(ci): check runc version
3a8bf3a
@robmonct
fix(ci): check runc version
ae284bc
@robmonct
fix(ci): fix issue docker build
be71b5a
@robmonct
fix(ci): fix issue docker build
934294e
@robmonct
fix(vulnerabilities): Bump musl package
521aca4
@robmonct
fix(vulnerabilities): Bump musl-utils package
f9dea50
@robmonct
fix(vulnerabilities): Bump musl-utils package
6546504
@robmonct
fix(vulnerabilities): Bump @babel/runtime
a4a78ca
@janmooij @chriswk
@FredrikOseberg @melindafekete @spirrello @stefano-zebedee @gastonfournier
fix(unleash): bump v1.4.9 (#2)
8079781 
* fix: add resolutions for path-to-regexp for router (Unleash#198)

* task: resolve cookie to 1.0.0 release (Unleash#199)

* 1.4.8

* docs: add maintenance mode (Unleash#202)

* Remove duplicate note (plus broken link) (Unleash#203)

* Bumped express to version 4.21.2.  This was required to resolve CVE-2024-52798 on path-to-regexp package. (Unleash#205)

Co-authored-by: stefano <stefano@zebedee.io>

* 1.4.9

* fix: deps

---------

Co-authored-by: Christopher Kolstad <chriswk@getunleash.io>
Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
Co-authored-by: Melinda Fekete <melinda.fekete@getunleash.io>
Co-authored-by: spirrello <spirrello@users.noreply.github.com>
Co-authored-by: stefano <stefano@zebedee.io>
Co-authored-by: Gastón Fournier <gaston@getunleash.io>
@janmooij
fix(deps): path-to-regexp and formidable resolutions (#3)
8c0b758
@janmooij
fix(deps): path-to-regexp (#4)
b2e7356
@janmooij
chore(ci): workflow permissions (#5)
bccf30a
@janmooij
Janmooij/workflow permissions (#6)
2480080 
* chore(ci): workflow permissions

* chore(ci): workflow permissions
@dependabot
build(deps): bump brace-expansion from 1.1.11 to 1.1.12 (#7)
98c49a3 
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@janmooij
fix(deps): mitigate CVE-2025-5889
e876ebd
@janmooij
chore: Mitigate CVE-2025-7339
4bba0bd
@janmooij janmooij closed this Jul 18, 2025
@github-project-automation github-project-automation bot moved this from New to Done in Issues and PRs Jul 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

Issues and PRs
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@janmooij @thomasheartman @robmonct