Update eslint, ajv, and qs to fix CVEs #1537

Merged
kmcginnes merged 2 commits into aws:main from kmcginnes:fix/other-deps
Feb 23, 2026

@kmcginnes (Collaborator) commented Feb 23, 2026

Description

  • Update eslint from 10.0.1 to 10.0.2, which natively depends on ajv@^6.14.0 (the patched version)
  • Remove the ajv pnpm override since eslint 10.0.2 resolves it correctly
  • Add pnpm override for qs@>=6.7.0 <6.14.2 → >=6.14.2 to fix the CVE in the body-parser transitive dependency

Validation

  • pnpm audit reports no vulnerabilities
  • pnpm check:lint passes
  • pnpm check:types passes
  • pnpm test passes (1196 tests)

Check List

  • I confirm that my contribution is made under the terms of the Apache 2.0
    license.
  • I have run pnpm checks to ensure code compiles and meets standards.
  • I have run pnpm test to check if all tests are passing.
  • I have covered new added functionality with unit tests if necessary.
  • I have added an entry in the Changelog.md.
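
A check that the override took effect, as an added example that is not part of this PR or the project's code: it scans pnpm-lock.yaml package keys for qs versions inside the range the override selects (>=6.7.0 <6.14.2). The lockfile text is a constructed sample, and the function names are assumptions of this example.

```javascript
// Constructed sample modelled on the `packages:` keys of a pnpm-lock.yaml.
const SAMPLE_LOCK = `
packages:

  body-parser@1.20.3:
    resolution: {integrity: sha512-PLACEHOLDER}

  qs@6.13.0:
    resolution: {integrity: sha512-PLACEHOLDER}

  qs@6.14.2:
    resolution: {integrity: sha512-PLACEHOLDER}
`;

// Parse MAJOR.MINOR.PATCH; pre-release and build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1 for a < b, a == b, a > b.
function compare(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// True when version lies in the half-open range [min, max).
function inRange(version, min, max) {
  return compare(version, min) >= 0 && compare(version, max) < 0;
}

// Collect every locked version of `name` that is still inside [min, max).
function findAffected(lockText, name, min, max) {
  const entry = /^ {2}'?((?:@[^/\s]+\/)?[^@\s']+)@(\d+\.\d+\.\d+[^:'(]*)/;
  const hits = new Set();
  for (const line of lockText.split("\n")) {
    const m = entry.exec(line);
    if (m && m[1] === name && inRange(m[2], min, max)) hits.add(m[2]);
  }
  return [...hits];
}

const affected = findAffected(SAMPLE_LOCK, "qs", "6.7.0", "6.14.2");
console.log(affected.length ? `qs still in range: ${affected.join(", ")}` : "no affected qs versions");
```
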

@kmcginnes kmcginnes changed the title Update ajv and qs to latest versions Update eslint, ajv, and qs to fix CVEs Feb 23, 2026
@kmcginnes kmcginnes marked this pull request as ready for review February 23, 2026 23:16
@kmcginnes (Collaborator, Author)

Merging without review.

@kmcginnes kmcginnes merged commit 0560aac into aws:main Feb 23, 2026
2 checks passed
@kmcginnes kmcginnes deleted the fix/other-deps branch February 23, 2026 23:20

codecov bot commented Feb 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.17%. Comparing base (c5affc5) to head (11dbecd).
⚠️ Report is 73 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1537       +/-   ##
===========================================
+ Coverage   47.81%   65.17%   +17.35%     
===========================================
  Files         382      355       -27     
  Lines        8525     7930      -595     
  Branches     3159     2901      -258     
===========================================
+ Hits         4076     5168     +1092     
+ Misses       3070     1993     -1077     
+ Partials     1379      769      -610     
Flag        Coverage Δ
unittests   65.17% <ø> (+17.35%) ⬆️
