Skip to content

[codex] fix production audit vulnerabilities#30

Merged
jjangg96 merged 1 commit into
mainfrom
codex/fix-production-audit
Jun 24, 2026
Merged

[codex] fix production audit vulnerabilities#30
jjangg96 merged 1 commit into
mainfrom
codex/fix-production-audit

Conversation

@jjangg96

Copy link
Copy Markdown
Member

Summary

  • Update the production lockfile entry for form-data to 4.0.6.
  • Bump the existing ws override from 8.20.1 to 8.21.0 and refresh the lockfile.

Why

The remaining open Dependabot PRs were blocked by npm audit --omit=dev. The form-data PR fixed one advisory, but ws still failed the CI audit step, so this PR clears both production audit findings together.

Validation

  • npm ci
  • npm run ci:verify

@jjangg96 jjangg96 marked this pull request as ready for review June 24, 2026 04:45
@jjangg96 jjangg96 merged commit 6f97872 into main Jun 24, 2026
9 checks passed
@jjangg96 jjangg96 deleted the codex/fix-production-audit branch June 24, 2026 04:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant