Skip to content

fix: vulnerabilities#457

Merged
luca-gr4vy merged 5 commits intomainfrom
fix/31032026-vulnerabilities
Mar 31, 2026
Merged

fix: vulnerabilities#457
luca-gr4vy merged 5 commits intomainfrom
fix/31032026-vulnerabilities

Conversation

@luca-gr4vy
Copy link
Copy Markdown
Contributor

@luca-gr4vy luca-gr4vy commented Mar 31, 2026
edited
Loading

Description

Fixes all the handlebars ones in https://github.com/gr4vy/gr4vy-embed/security/dependabot and a few others found when running yarn audit / trivy (like the ones affecting brace-expansion).

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own changes
  • I have run yarn lint to make sure my changes pass all tests
  • I have run yarn test to make sure my changes pass all linters
  • I have pulled the latest changes from the upstream main branch
  • I have tested both the react and the CDN versions on local and integration environments
  • I have added the necessary labels to this PR in case a new release needs to be published after merging into main (e.g. release and patch)

Contribution guidelines

For contribution guidelines, styleguide, and other helpful information please
see the CONTRIBUTING.md file in the root of this project.

@luca-gr4vy luca-gr4vy added internal Changes only affect the internal API dependencies Update one or more dependencies version vulnerability labels Mar 31, 2026
@luca-gr4vy luca-gr4vy merged commit 51a6d28 into main Mar 31, 2026
5 checks passed
@luca-gr4vy luca-gr4vy deleted the fix/31032026-vulnerabilities branch March 31, 2026 15:46
@gr4vy-code
Copy link
Copy Markdown
Collaborator

gr4vy-code commented Apr 1, 2026

🚀 PR was released in v2.38.0 🚀

@gr4vy-code gr4vy-code added the released Issue or pull request released label Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brunodesde1987 brunodesde1987 brunodesde1987 approved these changes

@GiordanoArman GiordanoArman Awaiting requested review from GiordanoArman

@odeta-gr4vy odeta-gr4vy Awaiting requested review from odeta-gr4vy

Assignees

No one assigned

Labels

dependencies Update one or more dependencies version internal Changes only affect the internal API released Issue or pull request released vulnerability

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@luca-gr4vy @gr4vy-code @brunodesde1987