Skip to content

fix: update dependencies#28

Merged
jkrenge merged 1 commit intomasterfrom
fix/update-dependencies
Feb 4, 2026
Merged

fix: update dependencies#28
jkrenge merged 1 commit intomasterfrom
fix/update-dependencies

Conversation

@jkrenge
Copy link
Contributor

@jkrenge jkrenge commented Feb 3, 2026
edited
Loading

@parcelLab/backend You think this can have any effect on backend, where this package is used?

@jkrenge jkrenge requested a review from andibeuge February 3, 2026 23:33
lacazeto
lacazeto reviewed Feb 4, 2026
View reviewed changes
Copy link

@lacazeto lacazeto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just curious where is this coming from???

do we have some security alert related to it? That would sound strange to me since this is a dev dependency 😄

anyways, I also don't see any errors or warnings when installing the packages via npm

@jkrenge
Copy link
Contributor Author

jkrenge commented Feb 4, 2026

That is correct, Vanta flagged a lot of repos so I just did an npm update ;)

@andibeuge
Copy link

andibeuge commented Feb 4, 2026

@lacazeto Vanta started to monitor all the dependabot security findings.

e.g. those https://github.com/parcelLab/regionIdentifier/security/dependabot

We have a long list of findings that we need to fix within the next 10 days to meet our SLAs we have for our certifications.

@andibeuge
Copy link

andibeuge commented Feb 4, 2026

@jkrenge @lacazeto we have a similar situation with this https://github.com/parcelLab/typescript-plcommon/security/dependabot

@lacazeto
Copy link

lacazeto commented Feb 4, 2026

@jkrenge @lacazeto we have a similar situation with this https://github.com/parcelLab/typescript-plcommon/security/dependabot

I'm working on those critical / high level ones

@lacazeto
Copy link

lacazeto commented Feb 4, 2026

@lacazeto Vanta started to monitor all the dependabot security findings.

e.g. those https://github.com/parcelLab/regionIdentifier/security/dependabot

We have a long list of findings that we need to fix within the next 10 days to meet our SLAs we have for our certifications.

I was missplaced! This entered my backend email box folder and I didnt notice it was for another project!

@jkrenge
Copy link
Contributor Author

jkrenge commented Feb 4, 2026

@claude If we're updating dependencies here, and then in turn use this as a package in another node app, can this cause any issues? I think not because those dependencies are isolated, right?

lacazeto
lacazeto approved these changes Feb 4, 2026
View reviewed changes
Copy link

@lacazeto lacazeto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just tested main backend with this branch as the dependency
"region_identifier": "github:parcelLab/regionIdentifier#fix/update-dependencies",

Backend eslint-plugin-unicorn version takes precedence in the resolution!

Can't detect any issues! linter still passing!

@jkrenge jkrenge merged commit b67588d into master Feb 4, 2026
3 checks passed
@jkrenge jkrenge deleted the fix/update-dependencies branch February 4, 2026 14:56
@dogabudak
Copy link

dogabudak commented Feb 5, 2026

@claude If we're updating dependencies here, and then in turn use this as a package in another node app, can this cause any issues? I think not because those dependencies are isolated, right?

@claude Answer to your master please

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lacazeto lacazeto lacazeto approved these changes

@andibeuge andibeuge Awaiting requested review from andibeuge

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jkrenge @andibeuge @lacazeto @dogabudak