Skip to content

fix(deps): vuln @grpc/grpc-js (patch → 1.13.5) #2400

Merged
ava-silver merged 2 commits into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/1-1783381818
Jul 13, 2026
Merged

fix(deps): vuln @grpc/grpc-js (patch → 1.13.5) #2400
ava-silver merged 2 commits into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/1-1783381818

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 1 package upgraded (patch changes only)

Manifests changed:

  • . (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
@grpc/grpc-js 1.13.4 1.13.5 patch Transitive 2 HIGH

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In Case
@grpc/grpc-js GHSA-5375-pq7m-f5r2 HIGH @grpc/grpc-js: A malformed request can cause a server crash 1.13.4 1.9.16 -
@grpc/grpc-js GHSA-99f4-grh7-6pcq HIGH @grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash 1.13.4 1.9.16 -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@datadog-datadog-prod-us1-2

This comment has been minimized.

@campaigner-prod
campaigner-prod Bot marked this pull request as ready for review July 7, 2026 13:26
@campaigner-prod
campaigner-prod Bot requested a review from a team as a code owner July 7, 2026 13:26
@dd-prapprover-prod-77c48c

dd-prapprover-prod-77c48c Bot commented Jul 7, 2026

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-07-07T13:27:04Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: CI tests failed. Please fix the failing tests to continue.

Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>
@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor Author

Auto-rebase complete

Branch is up to date with master — rebased onto e3b34dd.


Auto-Rebase · Add no-auto-rebase to opt out

@dd-octo-sts
dd-octo-sts Bot force-pushed the engraver-auto-version-upgrade/minorpatch/npm/1-1783381818 branch from 7774ca0 to 6232a53 Compare July 13, 2026 10:57
@ava-silver
ava-silver merged commit 2779c87 into master Jul 13, 2026
34 checks passed
@ava-silver
ava-silver deleted the engraver-auto-version-upgrade/minorpatch/npm/1-1783381818 branch July 13, 2026 19:31
@rodrigo-roca rodrigo-roca mentioned this pull request Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant