thiagoelg commented on code in PR #3612:
URL: https://github.com/apache/incubator-kie-tools/pull/3612#discussion_r3373547173


##########
pnpm-workspace.yaml:
##########
@@ -14,6 +15,8 @@ overrides:
   "minimatch@^3>brace-expansion": "1.1.13"
   "minimatch@^5>brace-expansion": "^2.0.3"
   "openapi-types": "7.2.3"
+  # CVE-2026-8723: Fix TypeError in qs.stringify (comma arrayFormat + 
encodeValuesOnly with null/undefined)
+  "qs": "6.15.2"
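Review bot: The added `"qs": "6.15.2"` key is an unscoped override, so it pins every dependent of `qs` in the workspace to one exact version, whereas the entries just above it (for example `"minimatch@^3>brace-expansion"`) limit the pin to a named parent. Consider scoping this entry with the same `parent>child` selector form to the package that actually pulls in the older `qs`, and have the comment name that parent and the condition for removing the override, so the pin does not outlive the upstream fix.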

Review Comment:
   `[email protected]` is already present in the lockfile, but 
`@cypress/[email protected]` enforces the older version because it specifies `qs` 
version with a tilde (`~`), locking major and minor upgrades, instead of the 
caret (`^`).
   
   The appropriate override would only need to target the 
`@cypress/[email protected]` dependency.
   
   
   ```suggestion
     # CVE-2026-8723: Fix TypeError in qs.stringify (comma arrayFormat + encodeValuesOnly with null/undefined)
     # Overriding transitive dependency until @cypress/request updates to patched qs version
     "@cypress/request@^3>qs": "6.15.2"
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
