Skip to content

[CD-1224] Remediate casedev-typescript package vulnerabilities#132

Open
andrazk wants to merge 1 commit into
mainfrom
codex/cd-1224-remediate-casedev-typescript-vulns
Open

[CD-1224] Remediate casedev-typescript package vulnerabilities#132
andrazk wants to merge 1 commit into
mainfrom
codex/cd-1224-remediate-casedev-typescript-vulns

Conversation

@andrazk

@andrazk andrazk commented Jun 16, 2026

Copy link
Copy Markdown

Summary

Remediates GitHub Dependabot medium findings for CaseMark/casedev-typescript by adding narrow overrides for vulnerable transitive dependencies:

  • handlebars -> 4.7.9
  • picomatch -> 2.3.2

Vanta

https://app.vanta.com/c/casemark/tests/packages-checked-for-vulnerabilities-v2-records-closed-github-dependabot-medium

Validation

  • npx --yes pnpm@10.30.1 install --frozen-lockfile
  • Targeted pnpm audit --json check for handlebars and picomatch returned no findings
  • npx --yes pnpm@10.30.1 test passed: 64 suites, 676 tests

@github-actions github-actions Bot enabled auto-merge June 16, 2026 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant