Skip to content

[Vanta] Fix Medium vulnerabilities in potpie-ui#430

Merged
yashkrishan merged 1 commit into
mainfrom
cursor/POT-1642-vanta-vulnerability-remediation-3881
Jun 17, 2026
Merged

[Vanta] Fix Medium vulnerabilities in potpie-ui#430
yashkrishan merged 1 commit into
mainfrom
cursor/POT-1642-vanta-vulnerability-remediation-3881

Conversation

@cursor

@cursor cursor Bot commented Jun 16, 2026

Copy link
Copy Markdown

Linear issue: https://linear.app/potpie/issue/POT-1642/vanta-npm-opentelemetrycore-280cve-2026-54285-medium-vulnerabilities-1

Packages/CVEs fixed:

  • @opentelemetry/core upgraded/resolved to 2.8.0 for CVE-2026-54285 via a targeted pnpm override.

Verification:

  • rg "@opentelemetry/core@2\.[0-7]\.|@opentelemetry/core: 2\.[0-7]\." pnpm-lock.yaml returned no matches.
  • npx pnpm@9.15.9 install --frozen-lockfile passed.
  • npx pnpm@9.15.9 audit --prod --audit-level moderate ran and did not report @opentelemetry/core; it still fails on unrelated existing form-data, protobufjs, and dompurify advisories outside this issue scope.
  • npx pnpm@9.15.9 run build passed.
  • npx pnpm@9.15.9 run lint passed with existing warnings.
Open in Web View Automation 

Co-authored-by: sham <sham@potpie.ai>
@linear-code

linear-code Bot commented Jun 16, 2026

Copy link
Copy Markdown

POT-1642

@cursor cursor Bot requested a review from yashkrishan June 16, 2026 13:15
@github-actions

Copy link
Copy Markdown

@yashkrishan yashkrishan marked this pull request as ready for review June 17, 2026 05:56
@yashkrishan yashkrishan merged commit 3722332 into main Jun 17, 2026
4 checks passed
@yashkrishan yashkrishan deleted the cursor/POT-1642-vanta-vulnerability-remediation-3881 branch June 17, 2026 05:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants