hanahmily opened a new pull request, #1211: URL: https://github.com/apache/skywalking-banyandb/pull/1211
## Summary Bump Go and npm dependencies to clear Dependabot advisories on the `default` branch. ### Advisories cleared | Ecosystem | Package | Before | After | CVE | |---|---|---|---|---| | go | `golang.org/x/net` | v0.52.0 | v0.56.0 | CVE-2026-25680 (HTML parser DoS) | | go | `opencontainers/runc` | v1.3.3 | v1.3.6 | CVE-2026-41579 (/dev symlink host FS access) | | npm | `echarts` (ui) | ^5.5.0 | ^6.1.0 | CVE-2026-45249 (XSS) | Also includes transitive bumps: `golang.org/x/crypto` (v0.49.0→v0.53.0), `google.golang.org/grpc` (v1.80.0→v1.82.0), `go.uber.org/zap` (v1.27.1→v1.28.0), `golang.org/x/sys` (v0.43.0→v0.46.0), and several more indirect updates. mcp lockfile refreshed for current semver-safe ranges; no major bumps in mcp. ### Stale Dependabot alerts (will auto-close on next scan) The remaining 4 mcp Dependabot alerts are stale and will auto-close when Dependabot next scans the updated lockfile: - `vite` and `vitest`: zero references in `mcp/package-lock.json` - `esbuild`: mcp is at v0.28.1 (already past the 0.25.0 fix) - `vite` (ui): already at v8.1.3 (post-fix) ### Chore: license-eye paths-ignore Added `.omc/**` (and variants) to `.licenserc.yaml` `paths-ignore` so that OMC (oh-my-claudecode) session-state files don't break `make license-check` for any developer running OMC locally. Pre-existing hygiene gap; surfaced during CI run. ### Verification - `ui`: `npm run build` ✓, `npm audit` 0 vulnerabilities - `mcp`: `npm run build` (tsc) ✓, `npm run lint` (eslint) ✓, `npm audit` 0 vulnerabilities - `make license-check` ✓ - `make check-req` ✓ - `make build` ✓ (binary `v0.10.0-137-g9027cbfc-dep`) - `make lint` ✓ - `make check` ✓ ### Test plan Per repo convention, automated CI will run unit and integration tests on the PR. e2e tests (FODC/OAP) are skipped locally but should run in CI. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
