Skip to content

Fix Vanta-reported vulnerabilities#767

Closed
calavera wants to merge 1 commit into
mainfrom
vanta/remediate-github-com-tensorlakeai-tensorlake-d-o-gwobobyaoxx
Closed

Fix Vanta-reported vulnerabilities#767
calavera wants to merge 1 commit into
mainfrom
vanta/remediate-github-com-tensorlakeai-tensorlake-d-o-gwobobyaoxx

Conversation

@calavera

Copy link
Copy Markdown
Contributor

Automated remediation for Vanta-reported source repository vulnerabilities.

Vulnerabilities:

  • CVE-2026-33672 (69d2cf107ffd455ec81b9204) severity=MEDIUM package=npm-picomatch >= 4.0.0, < 4.0.4 fixedVersion=4.0.4
  • GHSA-67mh-4wv8-2f99 (69d2cf107ffd455ec81b9207) severity=MEDIUM package=npm-esbuild <= 0.24.2 fixedVersion=0.25.0
  • CVE-2026-39365 (69d572007ffd455ec84373ce) severity=MEDIUM package=npm-vite <= 6.4.1 fixedVersion=6.4.2
  • CVE-2026-39365 (69dffe0fc49233af505b3558) severity=MEDIUM package=npm-vite <= 6.4.1 fixedVersion=6.4.2
  • GHSA-67mh-4wv8-2f99 (69dffe0fc49233af505b355b) severity=MEDIUM package=npm-esbuild <= 0.24.2 fixedVersion=0.25.0
  • CVE-2026-41305 (69ebdbaf65ca9c2adadfe85d) severity=MEDIUM package=npm-postcss < 8.5.10 fixedVersion=8.5.10
  • CVE-2026-41305 (69ebdbaf65ca9c2adadfe862) severity=MEDIUM package=npm-postcss < 8.5.10 fixedVersion=8.5.10
  • CVE-2026-45409 (6a0d17c7bc1dc504a41f305b) severity=MEDIUM package=pip-idna < 3.15 fixedVersion=3.15
  • CVE-2026-45736 (6a0d886fbc1dc504a479799a) severity=MEDIUM package=npm-ws >= 8.0.0, < 8.20.1 fixedVersion=8.20.1
  • CVE-2026-45736 (6a0d886fbc1dc504a479799b) severity=MEDIUM package=npm-ws >= 8.0.0, < 8.20.1 fixedVersion=8.20.1
  • GHSA-3pv8-6f4r-ffg2 (6a1a46d5bc1dc504a4bd8b1c) severity=MEDIUM package=rust-tar <= 0.4.45 fixedVersion=0.4.46
  • CVE-2026-47429 (6a2775a862e224030907ef67) severity=CRITICAL package=npm-vitest < 3.2.6 fixedVersion=3.2.6
  • CVE-2026-47429 (6a2775a862e224030907ef68) severity=CRITICAL package=npm-vitest < 3.2.6 fixedVersion=3.2.6
  • GHSA-g7r4-m6w7-qqqr (6a2cbbd77e098647ce29831d) severity=LOW package=npm-esbuild >= 0.27.3, < 0.28.1 fixedVersion=0.28.1
  • GHSA-g7r4-m6w7-qqqr (6a2cbbd77e098647ce298322) severity=LOW package=npm-esbuild >= 0.27.3, < 0.28.1 fixedVersion=0.28.1
  • GHSA-chgr-c6px-7xpp (6a2cbbd77e098647ce298323) severity=MEDIUM package=rust-pyo3 < 0.29.0 fixedVersion=0.29.0
  • GHSA-36hh-v3qg-5jq4 (6a2cbbd77e098647ce298328) severity=HIGH package=rust-pyo3 < 0.29.0 fixedVersion=0.29.0
  • CVE-2026-53632 (6a30b05a7e098647ceb02fd7) severity=MEDIUM package=npm-vite <= 6.4.2 fixedVersion=6.4.3
  • CVE-2026-53571 (6a30b05a7e098647ceb02fdb) severity=HIGH package=npm-vite <= 6.4.2 fixedVersion=6.4.3
  • CVE-2026-53550 (6a30b05a7e098647ceb02fdf) severity=MEDIUM package=npm-js-yaml <= 4.1.1 fixedVersion=4.2.0
  • CVE-2026-48779 (6a30b05a7e098647ceb02fe3) severity=HIGH package=npm-ws >= 8.0.0, < 8.21.0 fixedVersion=8.21.0
  • CVE-2026-53632 (6a30b05a7e098647ceb02fe7) severity=MEDIUM package=npm-vite <= 6.4.2 fixedVersion=6.4.3
  • CVE-2026-53571 (6a30b05a7e098647ceb02feb) severity=HIGH package=npm-vite <= 6.4.2 fixedVersion=6.4.3
  • CVE-2026-53550 (6a30b05a7e098647ceb02fed) severity=MEDIUM package=npm-js-yaml <= 4.1.1 fixedVersion=4.2.0
  • CVE-2026-48779 (6a30b05a7e098647ceb02fef) severity=HIGH package=npm-ws >= 8.0.0, < 8.21.0 fixedVersion=8.21.0
  • CVE-2026-9697 (6a3515627e098647ce54921a) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
  • CVE-2026-9678 (6a3515627e098647ce54921f) severity=MEDIUM package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
  • CVE-2026-9675 (6a3515627e098647ce549222) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
  • CVE-2026-9697 (6a3515627e098647ce549224) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
  • CVE-2026-9678 (6a3515627e098647ce54922a) severity=MEDIUM package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0
  • CVE-2026-9675 (6a3515627e098647ce54922d) severity=HIGH package=npm-undici >= 8.0.0, < 8.5.0 fixedVersion=8.5.0

Please review the generated changes and CI results before merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant