chore(security): upgrade turbo to patch CVE-2026-45773 / CVE-2026-45772 #4
Kan-A-Pesh wants to merge 1 commit into
Upgrade turbo from 2.6.3 to 2.9.14 to patch CVE-2026-45773 (session fixation CSRF) and CVE-2026-45772 (local code execution). Also includes formatting changes applied by `oxfmt --write .`

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
No issues found across 3 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Auto-approved: This PR patches security vulnerabilities in a dev dependency (turbo) via a minor version bump, updates the lockfile, and applies cosmetic whitespace-only formatting changes, with all checks passing and no modifications to business logic or critical paths.
Security Dependency Upgrades
MINOR upgrades
turbo: 2.6.3 → 2.9.14
This is a MINOR version bump (no breaking changes expected for build tool usage).
Vulnerabilities patched:
Official changelog: https://github.com/vercel/turborepo/releases
CVEs / GHSAs patched
turbo
Commands run
Results
Risks / Breaking changes
apps/web/src/routes/proto/v4.tsx: this is a pre-existing formatting inconsistency resolved by the formatter, unrelated to the security fix.

🤖 Generated with Claude Code