Skip to content

fix: update dependencies to address security vulnerabilities#31

Merged
murrayju merged 1 commit intomainfrom
conductor/audit-update-deps
Jan 20, 2026
Merged

fix: update dependencies to address security vulnerabilities#31
murrayju merged 1 commit intomainfrom
conductor/audit-update-deps

Conversation

@murrayju
Copy link
Copy Markdown
Member

@murrayju murrayju commented Jan 20, 2026

Summary

Verification

  • npm audit now reports 0 vulnerabilities
  • Build passes successfully

fix: update dependencies to address security vulnerabilities
250568d 
- Update @modelcontextprotocol/sdk to fix DNS rebinding and ReDoS CVEs
- Update body-parser to fix DoS vulnerability (GHSA-wqch-xfxh-vrr4)
- Update qs to fix DoS vulnerability (GHSA-6rw7-vpxm-498p)
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Jan 20, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Conductor Agent seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@murrayju murrayju merged commit 92ecb3d into main Jan 20, 2026
2 of 3 checks passed
@murrayju murrayju deleted the conductor/audit-update-deps branch January 20, 2026 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@murrayju @CLAassistant