VULN UPGRADE: minor upgrades — 8 packages (minor: 4 · patch: 4) #180

Merged
greghuels merged 2 commits into main from engraver-auto-version-upgrade/minorpatch/npm/1-1771003142
Feb 19, 2026

@campaigner-prod
Contributor

Summary: Security update — 8 packages upgraded (MINOR changes included)

Manifests changed:

  • . (npm)

Updates

| Package | From | To | Type | Vulnerabilities Fixed |
|---|---|---|---|---|
| @biomejs/biome | 2.0.6 | 2.3.14 | minor | - |
| prettier | 3.7.4 | 3.8.1 | minor | - |
| typescript | 5.8.3 | 5.9.3 | minor | - |
| webpack | 5.99.9 | 5.105.0 | minor | 4 LOW |
| @types/node | 18.19.128 | 18.19.130 | patch | - |
| jest | 30.0.4 | 30.0.5 | patch | - |
| terser-webpack-plugin | 5.3.14 | 5.3.16 | patch | - |
| ts-loader | 9.5.2 | 9.5.4 | patch | - |

Packages marked with "-" are updated due to dependency constraints.


Security Details

ℹ️ Other Vulnerabilities (4)
| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| webpack | GHSA-8fgc-7cc6-rx7x | LOW | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior | 5.99.9 | 5.104.1 |
| webpack | CVE-2025-68458 | LOW | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior | 5.99.9 | - |
| webpack | GHSA-38r7-794h-5758 | LOW | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence | 5.99.9 | 5.104.0 |
| webpack | CVE-2025-68157 | LOW | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects | 5.99.9 | - |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@greghuels
Collaborator

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 bot commented Feb 19, 2026

View all feedbacks in Devflow UI.

2026-02-19 17:22:19 UTC ℹ️ Start processing command /merge


2026-02-19 17:22:24 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).


2026-02-19 17:29:42 UTC MergeQueue: This merge request was updated

This PR is rejected because it was updated

@greghuels
Collaborator

/merge -m squash

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 bot commented Feb 19, 2026

View all feedbacks in Devflow UI.

2026-02-19 17:30:01 UTC ℹ️ Start processing command /merge -m squash


2026-02-19 17:30:07 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).


2026-02-19 17:31:13 UTC MergeQueue: This merge request was updated

This PR is rejected because it was updated

@greghuels
Collaborator

/merge -m squash

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 bot commented Feb 19, 2026

View all feedbacks in Devflow UI.

2026-02-19 17:33:36 UTC ℹ️ Start processing command /merge -m squash


2026-02-19 17:33:42 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).


2026-02-19 19:09:46 UTC ℹ️ MergeQueue: This merge request was already merged

This pull request was merged directly.

@greghuels greghuels merged commit 54313ad into main Feb 19, 2026
5 checks passed
@greghuels greghuels deleted the engraver-auto-version-upgrade/minorpatch/npm/1-1771003142 branch February 19, 2026 19:09