Skip to content

Security enhancements#82

Merged
TwitchBronBron merged 1 commit into
masterfrom
bugfix/security-audit
Jun 23, 2026
Merged

Security enhancements#82
TwitchBronBron merged 1 commit into
masterfrom
bugfix/security-audit

Conversation

@chrisdp

@chrisdp chrisdp commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Clears the outstanding high-severity audit advisory and aligns the audit gate with the other RokuCommunity repos.

  • Bump form-data 2.5.52.5.6 (lockfile), clearing the CRLF advisory GHSA-hmw2-7cc7-3qxx. It comes in transitively via roku-deploy@types/request (which allows ^2.5.5), so no manifest change is needed. Same bump the sibling repos already merged.
  • Raise the npm audit step to --audit-level=high so the audit script only gates on high and above.

No high/critical advisories remain; build passes.

- Bump form-data to 2.5.6, clearing the CRLF advisory
  (GHSA-hmw2-7cc7-3qxx) pulled in transitively via @types/request
- Raise the npm audit step to --audit-level=high
@TwitchBronBron TwitchBronBron merged commit 7dd56a7 into master Jun 23, 2026
5 checks passed
@TwitchBronBron TwitchBronBron deleted the bugfix/security-audit branch June 23, 2026 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants