Fix dependabot security alerts: update handlebars, flatted, minimatch, lodash, picomatch, cross-spawn #87

Merged
maximizeIT merged 2 commits into main from copilot/fix-dependabot-alerts-handlebars-flatted
Mar 30, 2026

Copilot AI commented Mar 29, 2026

  • Remove accidentally created README.MD (duplicate of README.md with uppercase extension)

…, lodash, picomatch, cross-spawn

- Update handlebars devDependency from ^4.7.7 to ^4.7.9 (fixes 5 CVEs)
- Run npm audit fix: flatted 3.3.3→3.4.2, minimatch 3.1.2→3.1.5,
  lodash 4.17.21→4.17.23, picomatch 2.3.1→2.3.2, and others
- Add overrides.cross-spawn >=7.0.6 to fix pre-commit vulnerability

All 76 tests pass, lint clean, npm audit reports 0 vulnerabilities.

Co-authored-by: GitHub Copilot <copilot@noreply.github.com>

Agent-Logs-Url: https://github.com/Staffbase/plugins-sdk-nodejs/sessions/8211c93b-6881-49da-8e5a-efa8ac6e3a76

Co-authored-by: maximizeIT <8626039+maximizeIT@users.noreply.github.com>
Co-authored-by: GitHub Copilot <copilot@noreply.github.com>

Agent-Logs-Url: https://github.com/Staffbase/plugins-sdk-nodejs/sessions/41724268-372f-49f5-b9db-0e1e7ab51ce2

Co-authored-by: maximizeIT <8626039+maximizeIT@users.noreply.github.com>
@maximizeIT maximizeIT marked this pull request as ready for review March 29, 2026 07:44
@maximizeIT maximizeIT requested a review from a team as a code owner March 29, 2026 07:44
@maximizeIT maximizeIT enabled auto-merge March 29, 2026 07:46
@maximizeIT maximizeIT merged commit 6cb8a69 into main Mar 30, 2026
9 checks passed
@maximizeIT maximizeIT deleted the copilot/fix-dependabot-alerts-handlebars-flatted branch March 30, 2026 12:47
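
A way to confirm that a lockfile actually resolves to the versions named in the commit message, including nested copies that an `overrides` entry is meant to force, as an added example that is not part of this pull request or the project's code. It assumes the target versions listed above can be treated as minimum versions and that the lockfile uses the npm `packages` map (lockfileVersion 2 or 3); `findStale`, `cmp`, `FLOORS` and the sample lockfile are constructed for illustration.

```javascript
// Minimum versions, taken from the commit message on this page (treated as floors: assumption).
const FLOORS = {
  handlebars: "4.7.9", flatted: "3.4.2", minimatch: "3.1.5",
  lodash: "4.17.23", picomatch: "2.3.2", "cross-spawn": "7.0.6",
};

// Compare plain x.y.z versions numerically; prerelease suffixes are ignored (assumption).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk every entry of the lockfile "packages" map. Nested paths such as
// node_modules/pre-commit/node_modules/cross-spawn are checked too, because a
// transitive copy can stay old even when the top-level copy is current.
function findStale(lock, floors = FLOORS) {
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // root project or entry without a version
    const name = path.slice(idx + "node_modules/".length); // keeps @scope/name intact
    const floor = floors[name];
    if (floor && cmp(meta.version, floor) < 0) {
      stale.push({ path, name, version: meta.version, floor });
    }
  }
  return stale;
}

// Constructed sample lockfile, not the repository's real package-lock.json.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example", version: "1.0.0" },
    "node_modules/handlebars": { version: "4.7.9" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/pre-commit/node_modules/cross-spawn": { version: "5.1.0" },
    "node_modules/minimatch": { version: "3.1.5" },
  },
};

console.log(findStale(SAMPLE_LOCK));
```

Run against a real lockfile by passing `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findStale`; an empty result means every resolved copy meets the floor.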