⚠️ Sync upstream/integration (71b926e) -> main 2026-04-20 (deployment changes present)#402

Open
ffaraone wants to merge 12 commits into main from sync-71b926e

@ffaraone
Collaborator

This PR syncs the latest changes from upstream to main.

DoRightt and others added 12 commits April 15, 2026 11:32
## Description

_flatted_ version updated to 3.4.2
…tion via Header Injection Chain

## Description

Axios version up from 1.13.5 to 1.15.0
## Description

- update @graphql-codegen/* dependencies to latest minor versions
- Disable "no-redeclare" rule for _\*\*/graphql/__generated__/\*\*_
files due to function overloads generated by
@graphql-codegen/typescript-react-apollo
(dotansimha/graphql-code-generator-community@78ff366)
4468674 OSN-1408. [Dependabot] Immutable is vulnerable to Prototype Pollution
b9ad1d4 OSN-1410. [Dependabot] Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
4bd504a OSN-1407. [Dependabot] Prototype Pollution via parse() in NodeJS flatted
* lodash to 4.18.1
* @graphql-codegen/cli to 6.3.0
* @graphql-codegen/typescript to 5.0.10
* @graphql-codegen/typescript-resolvers to 5.1.8
…b quantifiers

## Description

- _typescript-eslint_ updated to v8.58.2
- _picomatch_ updated to v2.3.2 || v4.0.4
… Denial of Service via multiple route parameters

## Description

_path-to-regexp_ updated to v0.1.13
…bypass per-client rate limiting on servers with dual-stack network

## Description

_express-rate-limit_ updated to v8.1.1
…ith non-matching literal in pattern

## Description

_minimatch_ updated
abf1345 OSN-1412. [Dependabot] minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
296d4eb OSN-1413. bump lodash-es to 4.18.1
0b7e232 OSN-1422. [Dependabot] express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
6af3731 OSN-1419. [Dependabot] path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
d6c63f9 OSN-1417. [Dependabot] Picomatch has a ReDoS vulnerability via extglob quantifiers
dafc606 OSN-1413. Bump packages
f191e95 OSN-1414. Bump terser-webpack-plugin to 5.4.0

4 participants