Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

chore: fix npm audit vulnerabilities (picomatch, smol-toml)#689

Merged
breaking-brake merged 1 commit intomainbreaking-brake/cc-wf-studio:mainfrom
chore/npm-audit-fixbreaking-brake/cc-wf-studio:chore/npm-audit-fixCopy head branch name to clipboard
Mar 26, 2026
Merged

chore: fix npm audit vulnerabilities (picomatch, smol-toml)#689
breaking-brake merged 1 commit intomainbreaking-brake/cc-wf-studio:mainfrom
chore/npm-audit-fixbreaking-brake/cc-wf-studio:chore/npm-audit-fixCopy head branch name to clipboard

Conversation

@breaking-brake
Copy link
Copy Markdown
Owner

@breaking-brake breaking-brake commented Mar 26, 2026

Summary

  • Run npm audit fix to address non-breaking security vulnerabilities
  • Updated picomatch and smol-toml to patched versions

Changes

  • picomatch: Fixed ReDoS vulnerability and method injection in POSIX character classes (high severity)
  • smol-toml: Fixed DoS vulnerability via TOML documents with thousands of consecutive commented lines (moderate severity)

Notes

  • Only non-breaking changes applied (npm audit fix without --force)
  • Remaining vulnerabilities require breaking changes (@vscode/test-cli downgrade) and are not addressed here

🤖 Generated with Claude Code

@breaking-brake @claude
chore: fix npm audit vulnerabilities (picomatch, smol-toml)
74e8b48 
- Updated picomatch and smol-toml to patched versions
- Non-breaking changes only (npm audit fix)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 26, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 987a4db7-0f4e-482f-b2ab-bcda1772b265

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/npm-audit-fix

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@breaking-brake breaking-brake merged commit f340c94 into main Mar 26, 2026
4 checks passed
@breaking-brake breaking-brake deleted the chore/npm-audit-fix branch March 26, 2026 14:49
@breaking-brake breaking-brake mentioned this pull request Mar 27, 2026
Merged
@braking-brake-semantic-release
Copy link
Copy Markdown

braking-brake-semantic-release Bot commented Mar 27, 2026

🎉 This PR is included in version 3.31.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@breaking-brake
Morty Proxy This is a proxified and sanitized view of the page, visit original site.