Skip to content

Upgrade tmp to 0.2.7 (CVE-2026-44705)#423

Merged
tomcardoso merged 1 commit into
mainfrom
fix/tmp-security
Jun 5, 2026
Merged

Upgrade tmp to 0.2.7 (CVE-2026-44705)#423
tomcardoso merged 1 commit into
mainfrom
fix/tmp-security

Conversation

@tomcardoso

Copy link
Copy Markdown
Owner

Summary

Switches the tmp override from a GitHub commit reference to the published 0.2.7 release, resolving Dependabot alert #30.

The fix commit (efa4a06) was already pinned via the GitHub reference so the vulnerability was not exploitable in practice. This change just points to the proper npm release so Dependabot recognises it as resolved and the dependency is easier to audit going forward.

Closes #30 (Dependabot alert)

Switches the tmp override from a GitHub commit reference to the published
0.2.7 release. The fix commit (efa4a06) was already in place; this just
makes the version resolvable by Dependabot and easier to reason about.

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
@tomcardoso tomcardoso merged commit 05d22a0 into main Jun 5, 2026
1 check passed
@tomcardoso tomcardoso deleted the fix/tmp-security branch June 5, 2026 21:40
@tomcardoso tomcardoso mentioned this pull request Jun 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant