ci(deps): update pi-sidecar to 1.1.1 and fix 9 dependabot alerts #1136
Conversation
Bump @myk-org/pi-sidecar from 1.1.0 to 1.1.1 which fixes:
- @earendil-works/pi-coding-agent vulnerabilities (4 alerts)

Add npm overrides for transitive dependencies:
- undici >=6.27.0 (4 alerts via discord.js)
- uuid >=11.1.1 (1 alert via gaxios)

npm audit now shows 0 vulnerabilities.
PR Summary by Qodo: ci(deps): resolve pi-sidecar 1.1.1 and override undici/uuid for audit fixes
Files changed (2)
Code Review by Qodo (context used: 30 platform compliance rules)
Change undici override from >=6.27.0 to ^6.27.0 (stays in 6.x)
Change uuid override from >=11.1.1 to ^11.1.1 (stays in 11.x)

Addresses Qodo review finding about open-ended overrides allowing unintended major version jumps for transitive dependencies.
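The follow-up commit above tightens the two overrides from `>=` to `^`: a bare lower bound such as `>=6.27.0` satisfies any later release, including a future 7.x, while `^6.27.0` means `>=6.27.0 <7.0.0` and so keeps the transitive dependency on the major line the rest of the tree was tested against. The script below is an added example, not code from this PR or from the myk-org repository; it is a small lint for the `overrides` block of a package.json that flags open-ended ranges and accepts caret, tilde, exact or explicitly upper-bounded ones. The two sample manifests are constructed inline from the ranges quoted in the PR description and the commit message; every function and constant name is this example's own.

```javascript
// Added example, not code from this PR or the myk-org repository: a lint for
// the "overrides" block of an npm package.json. It flags override ranges with
// no upper bound (for example ">=6.27.0"), which let a transitive dependency
// move to a new major release on a later `npm install`, and accepts ranges
// that stay inside one major line (for example "^6.27.0"). Function and
// variable names here are this example's own.

// A single version, optionally prefixed with ^ or ~: "^6.27.0", "~6.27.0", "6.27.0".
const SINGLE_VERSION = /^[\^~]?\d+\.\d+\.\d+$/;
// A lower bound with an explicit upper bound: ">=6.27.0 <7.0.0".
const LOWER_AND_UPPER = /^>=?\s*\d+\.\d+\.\d+\s+<=?\s*\d+\.\d+\.\d+$/;
// A lower bound and nothing else: ">=6.27.0" or ">6.27.0".
const LOWER_ONLY = /^>=?\s*\d+\.\d+\.\d+$/;

function classifyRange(range) {
  const r = String(range).trim();
  if (SINGLE_VERSION.test(r) || LOWER_AND_UPPER.test(r)) return "bounded";
  if (LOWER_ONLY.test(r)) return "open-ended";
  return "unknown"; // hyphen ranges, "||" unions and "x" wildcards are not judged here
}

// Returns one finding per string-valued override that is not held to a single
// major line. Nested per-parent override objects are skipped.
function lintOverrides(manifest) {
  const findings = [];
  for (const [pkg, range] of Object.entries(manifest.overrides || {})) {
    if (typeof range !== "string") continue;
    const kind = classifyRange(range);
    if (kind !== "bounded") findings.push({ pkg, range, kind });
  }
  return findings;
}

// Parses the text of a package.json and lints its overrides.
function lintManifestText(jsonText) {
  return lintOverrides(JSON.parse(jsonText));
}

// Constructed sample manifests: the first form of the overrides from the PR
// description, and the tightened form from the follow-up commit.
const BEFORE = JSON.stringify({
  name: "sidecar-helper",
  overrides: { undici: ">=6.27.0", uuid: ">=11.1.1" },
});
const AFTER = JSON.stringify({
  name: "sidecar-helper",
  overrides: { undici: "^6.27.0", uuid: "^11.1.1" },
});

for (const [label, text] of [["before", BEFORE], ["after", AFTER]]) {
  const findings = lintManifestText(text);
  console.log(`${label}: ${findings.length} override(s) not held to one major line`);
  for (const f of findings) {
    if (f.kind === "open-ended") {
      // Suggest the caret form of the same lower bound, e.g. ">=6.27.0" -> "^6.27.0".
      const caret = "^" + f.range.replace(/^>=?\s*/, "");
      console.log(`  ${f.pkg}: "${f.range}" has no upper bound; consider "${caret}"`);
    } else {
      console.log(`  ${f.pkg}: "${f.range}" could not be classified; check it by hand`);
    }
  }
}
```

To use it on a real manifest, read the file and pass its contents to `lintManifestText`. An override only changes what npm resolves, so after editing the range re-run `npm install` and `npm audit` to confirm the lockfile actually picked a patched version within the narrowed range.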
@qodo-code-review[bot] The following review comments were reviewed and a decision was made:

Thanks — both

Code review by qodo was updated up to the latest commit a80ef17

New container for ghcr.io/myk-org/github-webhook-server:latest published
Summary
Bump @myk-org/pi-sidecar from 1.1.0 to 1.1.1 and add npm overrides to fix all 9 open Dependabot security alerts.

Changes
- sidecar-helper/package.json: overrides for undici and uuid
- sidecar-helper/package-lock.json

Alerts Fixed
- pi-coding-agent (4 alerts)
- undici (4 alerts)
- uuid (1 alert)

Verification