renovate: fix GHSA-5j98-mcp5-4vw2 and GHSA-mh29-5h37-fv8m by updating glob and js-yaml

Open jamie-albert opened this issue 1 month ago • 0 comments

Summary

Fixes GHSA-5j98-mcp5-4vw2 and GHSA-mh29-5h37-fv8m in renovate by adding pnpm overrides for glob and js-yaml.

Changes

  • Incremented epoch to 1
  • Added pnpm overrides to update:
    • glob to 10.5.0 (fixes GHSA-5j98-mcp5-4vw2)
    • js-yaml to 4.1.1 (fixes GHSA-mh29-5h37-fv8m)

Verification

  • [ ] Build succeeds: make package/renovate
  • [ ] Scan confirms CVEs resolved: wolfictl scan packages/*/*/renovate-*.apk

References

  • GHSA-5j98-mcp5-4vw2: glob < 10.5.0 vulnerability
  • GHSA-mh29-5h37-fv8m: js-yaml < 4.1.1 vulnerability

jamie-albert, Nov 26 '25 04:11