Update devDependencies for security fixes (step 1) #95

Merged
bh2smith merged 3 commits into main from bh2smith/pla-2048-step-1-trivial-dependency-updates-patchminor-bumps
May 5, 2026

Conversation

bh2smith commented May 5, 2026

Summary

  • Updates 6 devDependencies (patch/minor bumps) to resolve Dependabot security alerts:
    • ts-jest 29.4.6 → 29.4.9 (fixes handlebars vulnerabilities)
    • jest 30.2.0 → 30.3.0 (fixes picomatch, minimatch vulnerabilities)
    • @typescript-eslint/parser 8.51.0 → 8.59.2 (fixes picomatch 4.x, minimatch 9.x, brace-expansion)
    • @typescript-eslint/eslint-plugin 8.51.0 → 8.59.2
    • prettier 3.7.4 → 3.8.3
    • @types/node 25.0.3 → 25.6.0
  • Build, lint, and unit tests all pass

A follow-up PR will address the remaining vulnerabilities (eslint major version bump, typescript 6.0, and ts-node/diff).

Test plan

  • pnpm run build passes
  • pnpm run lint passes
  • Unit tests pass (e2e tests require API key, unrelated)

Resolves https://linear.app/dune/issue/PLA-2048

bh2smith added 3 commits May 5, 2026 16:22

  • Resolves Dependabot alerts for handlebars, picomatch, minimatch, and
    brace-expansion by updating ts-jest, jest, @typescript-eslint/parser,
    @typescript-eslint/eslint-plugin, prettier, and @types/node.
  • Query 966920 now returns blocks 0-8 instead of 1-9, so the hardcoded
    expected values were stale.
  • The 2-second sleep was flaky — the query sometimes takes longer.
    Poll until the execution finishes, matching the pattern used elsewhere.

bh2smith merged commit bf292c2 into main May 5, 2026
2 checks passed
bh2smith deleted the bh2smith/pla-2048-step-1-trivial-dependency-updates-patchminor-bumps branch May 5, 2026 14:42