fix: resolve remaining Dependabot security alerts #833

Merged
nicoloboschi merged 3 commits into main from fix/remaining-dependabot-alerts
Apr 1, 2026

dcbouius (Contributor) commented Apr 1, 2026

Summary

Resolves all 12 remaining open Dependabot alerts:

  • 6x handlebars (critical/high/moderate)
  • 2x brace-expansion (moderate)
  • 1x serialize-javascript (moderate)
  • 1x path-to-regexp (high)
  • 2x Pygments (moderate)

Test plan

  • npm audit returns 0 vulnerabilities
  • Docusaurus build succeeds
  • CI passes

dcbouius added 3 commits April 1, 2026 08:54

- Regenerate package-lock.json so npm overrides take effect
  (serialize-javascript, handlebars, path-to-regexp, brace-expansion)
- Upgrade Pygments 2.19.2 -> 2.20.0 in crewai and integration-tests
  lockfiles (fixes ReDoS via GUID matching)

Two migrations shared the same revision ID: the merge migration
(drop_documents_metadata_column) and the trigram index migration
(case_insensitive_entities_trgm_index). Assign a new unique ID
to the trigram migration and update the downstream dependency.

@nicoloboschi nicoloboschi merged commit 300d089 into main Apr 1, 2026
45 of 47 checks passed
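
A check for the situation the first commit message describes, where overrides are declared in package.json but the lockfile still resolves older copies. This is an added example, not code from this pull request or repository. It assumes a lockfileVersion 2/3 `packages` map, flat string overrides only, and treats each override spec as a minimum version; the function names and sample versions are constructed for illustration.

```javascript
// Flag lockfile entries that still sit below an npm override floor.
// Assumptions: lockfileVersion 2/3 ("packages" keyed by node_modules path),
// flat overrides only, each override spec read as a minimum version.

function parseVersion(spec) {
  // Ignore range operators (^, ~, >=) and prerelease/build suffixes.
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(spec);
  return m ? m.slice(1, 4).map(Number) : null;
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not below the floor
}

function staleOverrides(pkg, lock) {
  const findings = [];
  const overrides = pkg.overrides || {};
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i < 0) continue; // root project ("") or a workspace folder
    const name = path.slice(i + "node_modules/".length); // keeps @scope/name
    const spec = overrides[name];
    if (typeof spec !== "string") continue; // nested overrides are out of scope
    const floor = parseVersion(spec);
    const locked = parseVersion(entry.version || "");
    if (floor && locked && isBelow(locked, floor)) {
      findings.push({ path, locked: entry.version, override: spec });
    }
  }
  return findings;
}

// Constructed sample data, not taken from the repository.
const samplePkg = { overrides: { "brace-expansion": "^2.0.2", "path-to-regexp": "^1.9.0" } };
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "docs", version: "0.0.0" },
  "node_modules/brace-expansion": { version: "2.0.2" },
  "node_modules/minimatch/node_modules/brace-expansion": { version: "1.1.11" },
  "node_modules/path-to-regexp": { version: "1.8.0" },
  "node_modules/@scope/pkg": { version: "1.0.0" },
} };

console.log(staleOverrides(samplePkg, sampleLock));
```

Nested copies such as the `minimatch/node_modules/brace-expansion` entry are the ones a stale lockfile tends to keep, which is why the scan walks every path rather than only top-level packages.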