chore(deps): upgrade lerna to ^9.0.7 #662

Open
inlined wants to merge 1 commit into main from security-audit/lerna-v9-upgrade

@inlined commented Jul 1, 2026

Member

Security Audit & Remediation: apphosting-adapters

A. Previous CVEs

B. Changes Made

  • Updated lerna from 8.2.2 to 9.0.7 in root package.json and regenerated package-lock.json. This resolves transitive vulnerabilities introduced by the old lerna dependencies.

C. Remaining CVEs

  • 97 remaining vulnerabilities (10 low, 42 moderate, 42 high, 3 critical) inside other packages in the workspaces (e.g. undici, svelte, vite etc.). These are unrelated to Lerna.

D. Introduced CVEs

  • None.

E. Testing Strategy

  • Verified local installation and lockfile generation.
  • Ran npm run build locally.

@gemini-code-assist Bot left a comment

Code Review

This pull request updates the dependency lerna from version ^8.2.2 to ^9.0.7 in package.json. There are no review comments, and I have no feedback to provide.
