
fix: vulnerabilities #2548

Merged
JivusAyrus merged 4 commits into main from suvij/eng-8729-vanta-remediate-medium-vulnerabilities
Feb 24, 2026

Conversation

@JivusAyrus
Member

@JivusAyrus JivusAyrus commented Feb 23, 2026

Summary by CodeRabbit

  • Chores
    • Updated development build tooling and related dev-dependencies for the theme to improve build stability.
    • Added package resolution overrides to enforce safer dependency versions.
    • Updated the base container image used for the keycloak service to a newer runtime image.

Checklist

@coderabbitai
Contributor

coderabbitai Bot commented Feb 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 884660f and d7ecc26.

📒 Files selected for processing (1)
  • keycloak/Dockerfile

Walkthrough

Updates dev tooling versions in keycloak/theme/package.json, adds pnpm override entries for mdast-util-to-hast and js-yaml in the root package.json, and bumps the base image in keycloak/Dockerfile from timbru31/java-node:17-jdk-18 to timbru31/java-node:17-jdk-22.

Changes

Cohort / File(s): Summary
  • Theme Build Dependencies (keycloak/theme/package.json): Bumps devDependencies: @parcel/transformer-image and @parcel/transformer-sass from ^2.9.3 to ^2.16.4; parcel from ^2.9.3 to ^2.16.4; nodemon from ^2.0.15 to ^3.1.14.
  • Root Dependency Overrides (package.json): Adds pnpm.overrides entries for mdast-util-to-hast: ">=13.2.1" and js-yaml: ">=4.1.1" (retains existing qs override).
  • Docker base image (keycloak/Dockerfile): Updates base image tag from timbru31/java-node:17-jdk-18 to timbru31/java-node:17-jdk-22.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes


🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

  • Title check: ❓ Inconclusive. Explanation: The title 'fix: vulnerabilities' is vague and generic, using a non-descriptive term that doesn't convey meaningful information about which vulnerabilities are being addressed or how they're being fixed. Resolution: Consider a more specific title that identifies the primary change, such as 'fix: update dependencies to address security vulnerabilities' or 'fix: upgrade base image and dev dependencies to remediate vulnerabilities'.

✅ Passed checks (2 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.




@github-actions

github-actions Bot commented Feb 23, 2026

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-ae37ee2c5125db14681d18af8d211322ce4c0425

@github-actions

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-1fa9b0d5638d1e53b862c66ba20c86d140bed151

@codecov

codecov Bot commented Feb 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.56%. Comparing base (153432d) to head (edd98a6).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #2548       +/-   ##
===========================================
- Coverage   62.77%   43.56%   -19.22%     
===========================================
  Files         242     1030      +788     
  Lines       25560   143745   +118185     
  Branches        0     8941     +8941     
===========================================
+ Hits        16046    62617    +46571     
- Misses       8178    79435    +71257     
- Partials     1336     1693      +357     

see 803 files with indirect coverage changes


Comment thread package.json
Contributor

@StarpTech StarpTech left a comment


LGTM

@JivusAyrus JivusAyrus merged commit 9972295 into main Feb 24, 2026
68 of 72 checks passed
@JivusAyrus JivusAyrus deleted the suvij/eng-8729-vanta-remediate-medium-vulnerabilities branch February 24, 2026 17:39
