Skip to content

Fix Dependabot security audit findings#508

Closed
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/dependabot-security-alerts-f330
Closed

Fix Dependabot security audit findings#508
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/dependabot-security-alerts-f330

Conversation

@cursor

@cursor cursor Bot commented May 22, 2026

Copy link
Copy Markdown
Contributor

Summary

  • refreshed vulnerable transitive dependencies in yarn.lock within existing semver ranges
  • added a targeted uuid@11.1.1 resolution because Storybook 8's @storybook/addon-actions still depends on vulnerable uuid@^9.0.0, while the patched line starts at 11.1.1
  • left existing deprecation-only audit notices untouched

Verification

  • yarn install --immutable
  • yarn npm audit --all --recursive --json (no remaining GitHub advisory URLs; still reports deprecation notices)
  • yarn jest --runInBand
  • yarn build-storybook
Open in Web View Automation 

cursoragent and others added 2 commits May 22, 2026 15:42
Co-authored-by: Andreja Kogovsek <andrejak@users.noreply.github.com>
Co-authored-by: Andreja Kogovsek <andrejak@users.noreply.github.com>
@igorp1 igorp1 closed this Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants