Conversation
- Added 3 Docker CVE suppression(s) to .grype.yaml - Added 4 GHSA ID(s) to audit-ci.jsonc allowlist - Added 4 npm vulnerability ignore(s) to .grype.yaml - Confidence score: 100% 🤖 Generated with ml-repo-maintenance Co-Authored-By: ml-repo-maintenance <noreply@mojaloop.org>
…remove brace-expansion 5.0.1 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… update CI orb to 1.1.16 Cast request.headers to Record<string, string> for compatibility with @hapi/hapi 21.4.6 which changed header types to include string[] | undefined. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Orb version 1.1.16 has a bug where the Grype scan job requires only Setup instead of Build, causing it to fail because the Docker image hasn't been built yet. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add parentheses around type assertions for prettier compliance, and update outdated dependencies. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
Author
|
Regarding the code changes, they are required due to: A breaking change on the patch update to @hapi/hapi PR #4562 by damusix, titled "fix: auth typings and reduced type The PR description says: "Remove ambiguous types" — which is exactly The exact diff in lib/types/request.d.ts The key change (v21.4.4...v21.4.5 comparison):
export interface RequestQuery {
Why it's breaking
This is a narrowing of a public type contract in a patch release, Links
|
…rrides Add version-specific npm overrides for vulnerable minimatch versions: - minimatch@3.0.5 → 3.1.5 - minimatch@3.1.2 → 3.1.5 - minimatch@5.1.6 → 5.1.9 - minimatch@7.4.6 → 7.4.9 Remove GHSA-3ppc-4f35-3m26 from audit-ci.jsonc allowlist (now patched). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🔒 Security & Dependency Updates
Summary
This PR updates dependencies and applies security patches to address vulnerabilities.
Confidence Score: 100% ✅ (Standard PR - ready for review)
🐳 Docker Image Updates
Docker CVE Suppressions
Added 3 Docker-specific vulnerability suppression(s) to
.grype.yaml.These are Alpine (apk), Node.js binary, or base image npm vulnerabilities that cannot be fixed via application dependencies.
Docker Image Scan Results
📋 Audit CI Allowlist Updates
Added 4 unfixable vulnerability ID(s) to
audit-ci.jsoncallowlist.These are transitive vulnerabilities in upstream dependencies that cannot be resolved here.
🔍 Grype npm Vulnerability Ignores
Added 4 unfixable npm vulnerability ignore(s) to
.grype.yaml.These are transitive npm vulnerabilities that are also checked by Grype CI scans.
✅ Validation Results
No validation checks were run.
🤖 Automated Changes
This PR was automatically generated by ml-repo-maintenance.
Changed Files:
package.json- Updated dependency versions and added npm overrides.grype.yaml- Added Docker vulnerability suppressions and npm vulnerability ignoresReview Checklist:
🤖 Generated with ml-repo-maintenance
Co-Authored-By: ml-repo-maintenance noreply@mojaloop.org