Skip to content

updating package version to fix CVE-2026-25896#35

Merged
jlouk merged 4 commits intomasterfrom
sec/aws-sdk
Mar 10, 2026
Merged

updating package version to fix CVE-2026-25896#35
jlouk merged 4 commits intomasterfrom
sec/aws-sdk

Conversation

@diamond-by
Copy link
Contributor

@diamond-by diamond-by commented Mar 4, 2026

updated @aws-sdk/client-s3, which has a fix for fast-xml-parser (CVE-2026-25896)

@diamond-by diamond-by requested a review from a team as a code owner March 4, 2026 09:47
@diamond-by diamond-by requested review from Copilot and jlouk and removed request for a team March 4, 2026 09:47
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repository’s npm dependency tree to pick up the fast-xml-parser security fix (CVE-2026-25896) via a newer @aws-sdk/client-s3, and bumps the package version accordingly.

Changes:

  • Bump package version from 2.1.1 to 2.1.2.
  • Update package-lock.json to resolve @aws-sdk/client-s3 (and transitive deps) to newer versions that include fast-xml-parser@5.4.1.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Patch version bump for release.
package-lock.json Updates resolved AWS SDK + fast-xml-parser versions to address the CVE.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@diamond-by diamond-by requested a review from Copilot March 5, 2026 09:15
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@diamond-by diamond-by requested a review from Copilot March 5, 2026 09:23
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

jlouk
jlouk requested changes Mar 5, 2026
View reviewed changes
Copy link
Contributor

@jlouk jlouk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Node 20 will be EOL on April 30, 2026. If we are making a backwards incompatible change, let's bump that up even more.

Along the lines of the copilot review, since this is backwards incompatible let's also make this a major version release

@diamond-by diamond-by requested review from Copilot and jlouk March 6, 2026 16:17
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@diamond-by diamond-by requested a review from Copilot March 9, 2026 15:09
Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jlouk jlouk merged commit feb03c4 into master Mar 10, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jlouk jlouk jlouk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@diamond-by @jlouk