Conversation

@octo-sts octo-sts bot commented Jan 15, 2026

Commit: 6397b19f77ece24fa5e65cb40b74b8c14c6ad239

Note: If you need to make manual changes to this PR, apply the skip:staging-update-bot label so the reconciler won't overwrite them.

@octo-sts octo-sts bot added the labels automated pr, renovate, request-version-update (request for a newer version of a package), P1 (this label indicates our scanning found High, Medium or Low CVEs for these packages), staging-autofix, bincapz/pass (Bincapz, aka. malcontent, scan didn't detect any CRITICALs on the scanned packages), approver-bot/manual-review-needed, manual/review-needed, staging-approver-bot/manual-review-needed on Jan 15, 2026
@octo-sts octo-sts bot changed the title from "renovate/42.81.11 package update" to "renovate/42.81.13 package update" on Jan 15, 2026
@octo-sts octo-sts bot force-pushed the staging-update-bot/renovate.yaml branch from 4fe0e6c to 157581c on January 15, 2026 17:19
@octo-sts octo-sts bot added the labels staging-autofix, bincapz/pass, manual/review-needed, staging-approver-bot/manual-review-needed, approver-bot/manual-review-needed and removed the labels P1, manual/review-needed, bincapz/pass, staging-approver-bot/manual-review-needed, approver-bot/manual-review-needed, staging-autofix on Jan 15, 2026
@octo-sts octo-sts bot changed the title from "renovate/42.81.13 package update" to "renovate/42.81.15 package update" on Jan 15, 2026
@octo-sts octo-sts bot removed the labels manual/review-needed, bincapz/pass, staging-approver-bot/manual-review-needed, approver-bot/manual-review-needed, staging-autofix on Jan 15, 2026
@octo-sts octo-sts bot force-pushed the staging-update-bot/renovate.yaml branch from b3c4e24 to 14cd5b2 on January 15, 2026 21:37
@octo-sts octo-sts bot changed the title from "renovate/42.82.1 package update" to "renovate/42.82.2 package update" on Jan 16, 2026
@octo-sts octo-sts bot removed the labels manual/review-needed, bincapz/pass, staging-approver-bot/manual-review-needed, approver-bot/manual-review-needed, staging-autofix on Jan 16, 2026
@octo-sts octo-sts bot force-pushed the staging-update-bot/renovate.yaml branch from a86fc1e to fcf6d71 on January 16, 2026 05:31
@octo-sts octo-sts bot added the labels staging-autofix, bincapz/pass, approver-bot/manual-review-needed, manual/review-needed, staging-approver-bot/manual-review-needed on Jan 16, 2026
@octo-sts octo-sts bot changed the title from "renovate/42.82.2 package update" to "renovate/42.82.3 package update" on Jan 16, 2026
@octo-sts octo-sts bot force-pushed the staging-update-bot/renovate.yaml branch from 0cf0b54 to a4010c1 on January 16, 2026 06:14
@octo-sts octo-sts bot added the labels staging-autofix, bincapz/pass, approver-bot/manual-review-needed, manual/review-needed, staging-approver-bot/manual-review-needed and removed the labels manual/review-needed, bincapz/pass, staging-approver-bot/manual-review-needed, approver-bot/manual-review-needed, staging-autofix on Jan 16, 2026
octo-sts bot added 2 commits January 16, 2026 06:34
Add pnpm overrides to fix CVE scan failures:
- diff 8.0.3 fixes GHSA-73rr-hh4g-fpgx
- undici 7.18.2 fixes CVE-2026-22036

These overrides force the vulnerable transitive dependencies
to use patched versions.
Add diff package version 8.0.3 as a direct dependency in
addition to the pnpm override to ensure the CVE fix
(GHSA-73rr-hh4g-fpgx) is applied to all instances of the
package including nested dependencies within npm.
@octo-sts octo-sts bot added the label P1 (this label indicates our scanning found High, Medium or Low CVEs for these packages) on Jan 16, 2026
Add specific pnpm override for npm>diff to ensure the diff
package within npm's dependency tree is updated to 8.0.3.

This fixes CVE GHSA-73rr-hh4g-fpgx which was found in diff 8.0.2
as a transitive dependency of npm@11.6.4.