chore: update @devrev/ts-adaas to 1.19.10 and fix package vulnerabilities #90
Merged
…ties

Bump @devrev/ts-adaas 1.19.7 -> 1.19.10 (latest). No migration guides in the intermediate releases (1.19.8-1.19.10) — all feature adds and dep bumps.

Regenerating the lockfile resolves two Snyk findings to their patched versions within existing semver ranges (no overrides needed):
- form-data 4.0.5 -> 4.0.6 (CRLF Injection, via axios)
- protobufjs 7.6.2 -> 7.6.4 (Improper Check for Exceptional Conditions, via @devrev/typescript-sdk)

Verified: tsc --noEmit, lint, and build all pass.

Remaining Snyk findings are dev-only and not fixable cleanly today:
- brace-expansion 5.0.6 (High): fix 5.0.7 not yet published to npm
- inflight 1.0.6 (Medium): abandoned, no patched version exists
- js-yaml 3.14.2 (Medium): fix requires 4.x, blocked by parent's ^3.13.1 pin

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
gasperzgonec approved these changes on Jul 2, 2026
Related issue: https://app.devrev.ai/devrev/issue/ASCPT-41
Summary
Bumps @devrev/ts-adaas in code/ from 1.19.7 → 1.19.10 (latest) and clears the package vulnerabilities that were fixable within existing semver ranges.

No migration guides existed in the intermediate releases (1.19.8–1.19.10) — all feature adds and dependency bumps.
Vulnerability fixes
Regenerating the lockfile pulled two transitive deps up to their patched versions (no overrides needed — the highest version satisfying each parent's range is already the fixed one):
- form-data (via axios)
- protobufjs (via @devrev/typescript-sdk)

Snyk result: 5 issues / 19 paths → 3 issues / 13 paths.
Remaining findings (dev-only, not fixable today)
None of these ship in the deployed connector runtime — all are devDependencies (jest/eslint/nodemon tooling):
- brace-expansion 5.0.6 (High) — fix 5.0.7 is not yet published to npm (latest is still 5.0.6); nothing to upgrade to.
- inflight 1.0.6 (Medium) — abandoned package, no patched version exists.
- js-yaml 3.14.2 (Medium) — fix requires 4.x, blocked by parent @istanbuljs/load-nyc-config's ^3.13.1 pin; only reachable via an override (deliberately not added).

Verification
- npx tsc --noEmit
- npm run lint
- npm run build

🤖 Generated with Claude Code
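The triage this description walks through, written out as an added example (not code from this PR or the DevRev repository): for each finding, decide whether a lockfile refresh alone can reach the patched version. Package versions and the `^3.13.1` pin come from the text above; the other parent ranges, the published-version lists, and `4.0.0` as a stand-in for "4.x" are constructed assumptions, and only caret ranges with a non-zero major are handled.

```javascript
// Added example: why a transitive finding is or is not cleared by regenerating
// the lockfile. Handles caret ranges with a non-zero major (^X.Y.Z) only.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};
// ^X.Y.Z (X > 0) admits versions >= X.Y.Z and < (X+1).0.0.
const inCaret = (v, range) =>
  parse(v)[0] === parse(range.slice(1))[0] && cmp(v, range.slice(1)) >= 0;

function triage({ parentRange, fixVersion, published }) {
  if (!fixVersion) return { status: 'no-fix-exists' };
  if (!published.includes(fixVersion)) return { status: 'fix-not-published' };
  if (!inCaret(fixVersion, parentRange)) return { status: 'needs-override' };
  // A fresh resolve picks the highest published version inside the range.
  const resolved = published.filter((v) => inCaret(v, parentRange)).sort(cmp).pop();
  return { status: 'fixed-by-lockfile-refresh', resolved };
}

// Versions and the ^3.13.1 pin come from the PR text; every other range, the
// published lists, and '4.0.0' standing in for "4.x" are constructed.
const findings = {
  'form-data': { parentRange: '^4.0.0', fixVersion: '4.0.6', published: ['4.0.5', '4.0.6'] },
  'protobufjs': { parentRange: '^7.0.0', fixVersion: '7.6.4', published: ['7.6.2', '7.6.4'] },
  'brace-expansion': { parentRange: '^5.0.0', fixVersion: '5.0.7', published: ['5.0.6'] },
  'inflight': { parentRange: '^1.0.0', fixVersion: null, published: ['1.0.6'] },
  'js-yaml': { parentRange: '^3.13.1', fixVersion: '4.0.0', published: ['3.14.2', '4.0.0'] },
};

function report() {
  return Object.fromEntries(
    Object.entries(findings).map(([name, f]) => [name, triage(f)]));
}

console.log(report());
```

A `needs-override` result is the js-yaml case: the fix exists and is published, but the parent's range excludes it, so only an `overrides` entry could force it in.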