Fix CVEs issues in release/4.11.x branch #9190

Merged: GytisCepk merged 5 commits into release/4.11.x from gytis/fix-cves-in-4-x on Apr 13, 2026

Conversation

@GytisCepk (Contributor)

rush update -full + necessary bumps and overrides

@GytisCepk GytisCepk requested review from a team as code owners April 10, 2026 15:18
@mergify mergify Bot requested a review from a team April 10, 2026 15:19
Comment thread common/config/rush/pnpm-config.json

@hl662 (Contributor) left a comment

I wonder if we should let Copilot draw inspiration from this #8861 and open a separate PR, so we can do rush update --full for 4.11.x branch

@GytisCepk (Contributor, Author) commented Apr 10, 2026

> I wonder if we should let Copilot draw inspiration from this #8861 and open a separate PR, so we can do rush update --full for 4.11.x branch

I don't really want to start changing code in an old branch.

What if we (and this feels wrong typing) disabled those 2 new rules globally for this branch? There isn't active development or backporting of features to this branch, so the benefit of those new rules might be non-existent.

GytisCepk and others added 2 commits April 13, 2026 10:17
…or to warn

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…patibility

The global override "path-to-regexp@<0.1.13": ">=0.1.13" resolved to v6.3.0,
which has an incompatible API (named exports vs default function export),
causing Express router to crash with 'pathRegexp is not a function'.

Narrowing to ~0.1.13 pins the override to the 0.1.x security patch while
preserving API compatibility.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
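
The failure described in the commit message above, as an added example (not part of this PR or the repository's code): a small audit that flags an override whose replacement range resolves outside the major line of the version it patches. The candidate version list and the pick-the-highest-match resolver are simplifying assumptions; the two override entries are the ones quoted in the commit message.

```javascript
// Added example: audit pnpm "overrides" for replacements that cross a major version.
// Override entries come from the commit message; the candidate list is constructed.

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Minimal matcher for the two range forms on this page: ">=X.Y.Z" and "~X.Y.Z".
function satisfies(version, range) {
  if (range.startsWith(">=")) return cmp(version, range.slice(2)) >= 0;
  if (range.startsWith("~")) {
    const base = range.slice(1);
    const [maj, min] = parse(base);
    const [vMaj, vMin] = parse(version);
    // "~0.1.13" means >=0.1.13 and <0.2.0: same major and minor, patch may rise.
    return vMaj === maj && vMin === min && cmp(version, base) >= 0;
  }
  throw new Error(`unsupported range form: ${range}`);
}

// Highest candidate that satisfies the range (simplified resolver, an assumption).
function resolve(candidates, range) {
  const ok = candidates.filter((v) => satisfies(v, range)).sort(cmp);
  return ok.length ? ok[ok.length - 1] : null;
}

// Report overrides whose resolved version leaves the major line being patched.
function auditOverrides(overrides, candidatesByPkg) {
  const findings = [];
  for (const [selector, range] of Object.entries(overrides)) {
    const at = selector.lastIndexOf("@"); // also correct for scoped package names
    const pkg = selector.slice(0, at);
    const bound = selector.slice(at + 1).replace(/^[<>=~^]+/, "");
    const picked = resolve(candidatesByPkg[pkg] || [], range);
    if (picked && parse(picked)[0] !== parse(bound)[0]) {
      findings.push({ selector, range, picked });
    }
  }
  return findings;
}

const candidates = { "path-to-regexp": ["0.1.12", "0.1.13", "6.3.0"] }; // constructed
const broad = auditOverrides({ "path-to-regexp@<0.1.13": ">=0.1.13" }, candidates);
const narrow = auditOverrides({ "path-to-regexp@<0.1.13": "~0.1.13" }, candidates);
console.log({ broad, narrow });
```
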
@GytisCepk GytisCepk enabled auto-merge (squash) April 13, 2026 08:04
@GytisCepk GytisCepk merged commit ca47772 into release/4.11.x Apr 13, 2026
17 checks passed
@GytisCepk GytisCepk deleted the gytis/fix-cves-in-4-x branch April 13, 2026 08:26
4 participants