Skip to content

chore(deps): bump tmp and inquirer in /hack/linear#33

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/hack/linear/multi-127d05f333
Open

chore(deps): bump tmp and inquirer in /hack/linear#33
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/hack/linear/multi-127d05f333

chore(deps): bump tmp and inquirer in /hack/linear

10a8cf9
Select commit
Loading
Failed to load commit list.
Kusari Inspector / Kusari Inspector succeeded May 27, 2026 in 54s

Security Analysis Passed

No security issues found

Details

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both dependency and code analyses independently recommend proceeding with no blocking issues. The PR updates inquirer from 8.2.6 to 8.2.7, which removes the vulnerable tmp package (CVE-2025-54798, CVE-2026-44705) along with os-tmpdir and external-editor, representing a net security improvement. New transitive dependencies (@inquirer/external-editor@1.0.3, iconv-lite@0.7.2, chardet@2.1.1) carry no known advisories and use permissive MIT licenses. The code analysis found zero security issues, zero exposed secrets, and zero workflow concerns across the two changed files (hack/linear/package.json and hack/linear/package-lock.json). Minor operational concerns around inactive maintenance on iconv-lite and chardet are low-priority and non-blocking. The combined risk profile is favorable: this PR reduces the attack surface by eliminating known vulnerable packages while introducing no new risks.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 10a8cf9, performed at: 2026-05-27T23:07:43Z