aws-crt-bot
Collaborator

🔄 Automated Dependency Updates

This PR contains automated dependency updates performed by the daily maintenance workflow.

Changes Summary

  • 📦 package-lock.json updated

Audit Results

Security Vulnerabilities Found (5 total):

🚨 axios (high severity)

🚨 jest-dev-server (high severity)

  • Affected versions: 5.0.0 - 6.2.0
  • Direct dependency: No
  • Fix available: ✅ Yes
  • Installed locations: node_modules/jest-dev-server
  • Advisories:
    • Vulnerability via package: wait-on

🚨 jest-environment-puppeteer (high severity)

  • Affected versions: 5.0.0 - 6.2.0
  • Direct dependency: No
  • Fix available: ✅ Yes
  • Installed locations: node_modules/jest-environment-puppeteer
  • Advisories:
    • Vulnerability via package: jest-dev-server

🚨 jest-puppeteer (high severity)

  • Affected versions: 5.0.0 - 6.2.0
  • Direct dependency: Yes
  • Fix available: ✅ Yes
  • Installed locations: node_modules/jest-puppeteer
  • Advisories:
    • Vulnerability via package: jest-environment-puppeteer

🚨 wait-on (high severity)

  • Affected versions: 5.0.0-rc.0 - 7.1.0
  • Direct dependency: No
  • Fix available: ✅ Yes
  • Installed locations: node_modules/wait-on
  • Advisories:
    • Vulnerability via package: axios

Vulnerability Summary by Severity:

  • 🟠 High: 5
  • total: 5

Recommended Actions:

  • ⚠️ 2 direct dependencies have vulnerabilities - consider updating or replacing
  • 5 critical/high severity vulnerabilities require immediate attention

Dependency Summary:

  • Total dependencies: 550
  • Production: 89
  • Development: 462
  • Optional: 2

Files Changed

  • package-lock.json

What was done:

  1. ✅ Ran npm audit fix to address security vulnerabilities
  2. ✅ Ran npm install --lockfile-version=1 to ensure lockfile compatibility
  3. ✅ Committed any resulting changes

Review Guidelines:

  • 🔍 Review the changes in package-lock.json for any unexpected updates
  • 🧪 Ensure CI tests pass before merging
  • 🚀 This PR can be safely merged if all checks pass

This PR was automatically created by the dependency-updates workflow.

- Run npm audit fix to address security vulnerabilities
- Reinstall dependencies with lockfile-version=1
- Automated update on 20250923-222713

🤖 Assisted by GenAI
@TingDaoK changed the base branch from main to fix-actions on September 23, 2025, 22:31