[PR #46] [MERGED] fix: security patch for release v2.1.2 #46

Closed
opened 2026-03-02 11:45:10 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/karant-dev/AutoRedact/pull/46
Author: @karant-dev
Created: 1/18/2026
Status: Merged
Merged: 1/18/2026
Merged by: @karant-dev

Base: main ← Head: fix/security-patch


📝 Commits (4)

  • f827431 fix: patch CVE-2026-23745 and upgrade OS packages
  • 44c10eb fix: update npm to latest and patch tar to fix all vulnerabilities
  • 2c527f5 fix: aggressively clean npm cache to prevent false positives
  • 2ab298d ci: improve trivy logging by printing table to console

📊 Changes

2 files changed (+20 additions, -3 deletions)

View changed files

📝 .github/workflows/release.yml (+11 -1)
📝 Dockerfile (+9 -2)

📄 Description

Comprehensively patches all vulnerabilities:

  1. Upgrades OS packages via 'apt-get upgrade'.
  2. Updates 'npm' to latest to fix 'glob' and 'cross-spawn' vulnerabilities.
  3. Manually patches 'tar' to fix CVE-2026-23745.
  4. Aggressively cleans npm cache to avoid false positives.
  5. Improves CI logging to show vulnerability table in console.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
