Skip to content

Commit e970e96

Browse files
GenerQAQGener
authored andcommitted
fix(deps): resolve security audit failures
- Bump Go 1.25.8 -> 1.25.9 to fix crypto/x509 and crypto/tls vulns (GO-2026-4947, GO-2026-4946, GO-2026-4870) - Upgrade aiohttp 3.13.3 -> 3.13.5 to fix 10 CVEs in Python audit - Ignore drizzle-orm CVE-2026-39356 (GHSA-gpj5-g38j-94v9) in CI audit: transitive dep of @payloadcms/db-d1-sqlite, no upstream fix available yet; direct override to >=0.45.2 breaks the build
1 parent 9c7b432 commit e970e96

5 files changed

Lines changed: 99 additions & 92 deletions

File tree

.github/workflows/security-reusable.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,4 +107,6 @@ jobs:
107107
run: pnpm audit --audit-level=high --prod
108108
- name: Audit Landing Page
109109
working-directory: landingpage
110-
run: pnpm audit --audit-level=high --prod
110+
# Ignore CVE-2026-39356 (drizzle-orm SQL injection, GHSA-gpj5-g38j-94v9):
111+
# transitive dep of @payloadcms/db-d1-sqlite — no upstream release with fix yet
112+
run: pnpm audit --audit-level=high --prod --ignore CVE-2026-39356

landingpage/package.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,11 @@
9595
"flatted": ">=3.4.2",
9696
"path-to-regexp@>=8.0.0 <8.4.0": ">=8.4.0",
9797
"happy-dom": ">=20.8.9"
98+
},
99+
"auditConfig": {
100+
"ignoreCves": [
101+
"CVE-2026-39356"
102+
]
98103
}
99104
},
100105
"cloudflare": {

src/client/acontext-cli/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/memodb-io/Acontext/acontext-cli
22

3-
go 1.25.8
3+
go 1.25.9
44

55
require (
66
github.com/AlecAivazis/survey/v2 v2.3.7

src/server/api/go/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/memodb-io/Acontext
22

3-
go 1.25.8
3+
go 1.25.9
44

55
require (
66
github.com/alicebob/miniredis/v2 v2.37.0

0 commit comments

Comments
 (0)