Skip to content

chore: resolve open dependabot security alerts#180

Draft
jonathannorris wants to merge 2 commits into
mainfrom
chore/dependabot-alerts
Draft

chore: resolve open dependabot security alerts#180
jonathannorris wants to merge 2 commits into
mainfrom
chore/dependabot-alerts

Conversation

@jonathannorris

Copy link
Copy Markdown
Member

Summary

  • Resolved 6 open Dependabot security alerts by bumping vulnerable dependencies across affected provider lockfiles.

Dependabot Alerts Resolved

Alert Package Manifest Severity Fix
#41 faraday providers/openfeature-go-feature-flag-provider/Gemfile.lock low Bumped 2.14.1 to 2.14.2
#40 faraday providers/openfeature-ofrep-provider/Gemfile.lock low Bumped 2.14.1 to 2.14.2
#39 faraday providers/openfeature-flagsmith-provider/Gemfile.lock low Bumped 2.14.1 to 2.14.2
#35 addressable providers/openfeature-flagsmith-provider/Gemfile.lock high Bumped 2.8.9 to 2.9.0
#34 addressable providers/openfeature-go-feature-flag-provider/Gemfile.lock high Bumped 2.8.7 to 2.9.0
#29 json providers/openfeature-meta_provider/Gemfile.lock high Bumped 2.19.0 to 2.19.7

Verification

  • bundle exec rake (lint + RSpec) passes on each affected provider: go-feature-flag (82 examples), ofrep (44 examples), flagsmith (89 examples), meta_provider (58 examples).

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependency versions across multiple Gemfile.lock files for various OpenFeature providers, including openfeature-flagsmith-provider, openfeature-go-feature-flag-provider, openfeature-meta_provider, and openfeature-ofrep-provider. Specifically, it bumps versions for dependencies such as addressable, faraday, faraday-net_http, json, and public_suffix. There are no review comments, and I have no feedback to provide.

@jonathannorris
jonathannorris force-pushed the chore/dependabot-alerts branch from 2731d8d to 05604d0 Compare June 2, 2026 14:59
@jonathannorris
jonathannorris marked this pull request as ready for review June 2, 2026 17:51
@jonathannorris
jonathannorris requested review from askpt and toddbaert June 2, 2026 17:54
@jonathannorris
jonathannorris force-pushed the chore/dependabot-alerts branch from 05604d0 to 7d0904b Compare June 5, 2026 19:09
@jonathannorris
jonathannorris marked this pull request as draft June 8, 2026 14:37
@jonathannorris
jonathannorris requested a review from Copilot June 8, 2026 14:37

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jonathannorris
jonathannorris marked this pull request as ready for review June 8, 2026 14:38
@jonathannorris
jonathannorris enabled auto-merge (squash) June 8, 2026 14:38
@jonathannorris
jonathannorris force-pushed the chore/dependabot-alerts branch 2 times, most recently from 86882d7 to 28233e4 Compare June 22, 2026 14:09
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (4)
  • providers/openfeature-flagsmith-provider/Gemfile.lock is excluded by !**/*.lock
  • providers/openfeature-go-feature-flag-provider/Gemfile.lock is excluded by !**/*.lock
  • providers/openfeature-meta_provider/Gemfile.lock is excluded by !**/*.lock
  • providers/openfeature-ofrep-provider/Gemfile.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d55cbd43-f328-4f20-809d-ba0dacc8388e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@jonathannorris
jonathannorris force-pushed the chore/dependabot-alerts branch from 28233e4 to d6bf75d Compare June 29, 2026 16:57
Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
- faraday 2.14.2 -> 2.14.3 (high, alert #47) in openfeature-go-feature-flag-provider
- faraday 2.14.2 -> 2.14.3 (high, alert #46) in openfeature-ofrep-provider
- faraday 2.14.2 -> 2.14.3 (high, alert #45) in openfeature-flagsmith-provider

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
@jonathannorris
jonathannorris force-pushed the chore/dependabot-alerts branch from d6bf75d to 90c8919 Compare July 6, 2026 14:16
@jonathannorris
jonathannorris marked this pull request as draft July 6, 2026 14:17
auto-merge was automatically disabled July 6, 2026 14:17

Pull request was converted to draft

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants