Skip to content

[pull] main from guacsec:main#210

Merged
pull[bot] merged 3 commits into
trustification:mainfrom
guacsec:main
Jul 15, 2026
Merged

[pull] main from guacsec:main#210
pull[bot] merged 3 commits into
trustification:mainfrom
guacsec:main

Conversation

@pull

@pull pull Bot commented Jul 15, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Matej Nesuta and others added 3 commits July 15, 2026 06:36
js-yaml 4.1.1 is vulnerable to algorithmic complexity denial of service
via crafted YAML merge keys (<<). Repeating the same alias in a merge
sequence causes O(K*M) work in mergeMappings() while input size is
O(K+M), blocking the event loop with payloads as small as tens of KB.

Fixed upstream in 4.2.0 (merge deduplication) and hardened in 4.3.0
(maxTotalMergeKeys limit backport).

Assisted-by: Claude Code
Availability of RDS PostgreSQL engine version and instance class
selections depends on the AWS Region.

Exposing these (engine version and instance class) as variables,
makes it easier to tweak the values for user selected region.
@pull pull Bot locked and limited conversation to collaborators Jul 15, 2026
@pull pull Bot added the ⤵️ pull label Jul 15, 2026
@pull
pull Bot merged commit 23a72ec into trustification:main Jul 15, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants