Health Check - Ignore unfixable replicator and elliptic advisories #33723

Closed
aleksei-semikozov wants to merge 1 commit into DevExpress:26_1 from aleksei-semikozov:security-js-cookie-26_1
Conversation

@aleksei-semikozov
Contributor

No description provided.

@aleksei-semikozov aleksei-semikozov self-assigned this May 26, 2026
@aleksei-semikozov aleksei-semikozov changed the title Security - Update js-cookie to 3.0.7 (GHSA-qjx8-664m-686j) Security - Update js-cookie, qs and webpack-dev-server May 26, 2026
@aleksei-semikozov aleksei-semikozov changed the title Security - Update js-cookie, qs and webpack-dev-server Security - Update js-cookie, qs and webpack-dev-server. Ignore replicator and elliptic May 26, 2026
@aleksei-semikozov aleksei-semikozov marked this pull request as ready for review May 26, 2026 13:47
@aleksei-semikozov aleksei-semikozov requested a review from a team as a code owner May 26, 2026 13:47
Copilot AI review requested due to automatic review settings May 26, 2026 13:47
Contributor

Copilot AI left a comment

Pull request overview

Updates dependency resolutions in the DevExtreme monorepo to address security advisories by forcing patched versions via pnpm overrides, and adjusts the GitHub Health Check workflow to ignore advisories that are currently not fixable upstream.

Changes:

  • Force updated versions for js-cookie (3.0.7), qs (6.15.2), and webpack-dev-server (5.2.4) via pnpm.overrides.
  • Regenerate pnpm-lock.yaml to reflect the updated resolutions.
  • Extend Health Check ignored advisories to include replicator and elliptic.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| package.json | Updates pnpm.overrides to enforce patched dependency versions. |
| pnpm-lock.yaml | Lockfile changes reflecting updated dependency graph/resolutions. |
| .github/workflows/health-check.yml | Adds ignored advisories for replicator and elliptic. |
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Comment thread package.json Outdated
"braces@<3.0.3": "^3.0.3",
"semver@<5.7.2": "^5.7.2",
"qs": ">=6.14.2",
"qs": ">=6.15.2",
@aleksei-semikozov aleksei-semikozov changed the title Security - Update js-cookie, qs and webpack-dev-server. Ignore replicator and elliptic Health Check - Ignore unfixable replicator and elliptic advisories May 26, 2026
@aleksei-semikozov aleksei-semikozov force-pushed the security-js-cookie-26_1 branch from eb3d48a to 5b286d1 Compare May 26, 2026 13:52