chore(deps): bump tmp and inquirer in /hack/linear#33
Security Analysis Passed
No security issues found
Details
Kusari Analysis Results:
✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.
Both dependency and code analyses independently recommend proceeding with no blocking issues. The PR updates inquirer from 8.2.6 to 8.2.7, which removes the vulnerable tmp package (CVE-2025-54798, CVE-2026-44705) along with os-tmpdir and external-editor, representing a net security improvement. New transitive dependencies (@inquirer/external-editor@1.0.3, iconv-lite@0.7.2, chardet@2.1.1) carry no known advisories and use permissive MIT licenses. The code analysis found zero security issues, zero exposed secrets, and zero workflow concerns across the two changed files (hack/linear/package.json and hack/linear/package-lock.json). Minor operational concerns around inactive maintenance on iconv-lite and chardet are low-priority and non-blocking. The combined risk profile is favorable: this PR reduces the attack surface by eliminating known vulnerable packages while introducing no new risks.
Note
View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 10a8cf9, performed at: 2026-05-27T23:07:43Z