fix: update astro to resolve CVE-2026-45028 #167

Open: dannyneira wants to merge 1 commit into main from independabot/astro-cve-2026-45028
@dannyneira
Member

Summary

  • Update direct dependency astro from ^6.1.8 to ^6.1.10.
  • Update package-lock.json so astro resolves to 6.1.10, the patched version for CVE-2026-45028.
  • No workaround or override was needed.

Security

Verification

  • npx -y npm@10 audit --json no longer reports astro.
  • npx -y npm@10 ci
  • npx -y npm@10 run typecheck
  • npx -y npm@10 run build

Conversation: https://staging.warp.dev/conversation/8e180e72-2d88-4a5f-b30b-1cd561dcca12
Run: https://oz.staging.warp.dev/runs/019e83e9-da97-7dab-8218-52c764eda608
This PR was generated with Oz.

Co-Authored-By: Oz <oz-agent@warp.dev>
@dannyneira dannyneira requested a review from rachaelrenk June 1, 2026 16:08
@cla-bot cla-bot Bot added the cla-signed label Jun 1, 2026
@vercel

vercel Bot commented Jun 1, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ready | Preview, Comment | Jun 1, 2026 4:10pm |

@dannyneira dannyneira requested a review from hongyi-chen June 1, 2026 20:02
@dannyneira dannyneira marked this pull request as ready for review June 1, 2026 20:02
@oz-for-oss
Contributor

oz-for-oss Bot commented Jun 1, 2026

@dannyneira

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

Contributor

@oz-for-oss oz-for-oss Bot left a comment

Overview

This PR updates the direct Astro dependency from ^6.1.8 to ^6.1.10 and refreshes the lockfile entries for Astro and its updated transitive dependencies. The change matches the stated CVE remediation, and the lockfile version, resolved tarball, and integrity metadata are internally consistent with the package update.

Concerns

  • No correctness, dependency-consistency, spec-drift, or security concerns were found in the changed lines.

Verdict

Found: 0 critical, 0 important, 0 suggestions

Approve

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz
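
The checks named in the PR summary and the review overview (the lockfile resolves astro to the patched version, the resolved tarball and integrity metadata agree with it, and `npm audit --json` no longer reports the package), as an added example that is not part of this pull request or of the Oz tooling. The lockfile and audit objects are constructed samples in the `package-lock.json` v3 and `npm audit --json` shapes; `checkRemediation`, `lockWith` and the registry URL are assumptions made for illustration.

```javascript
// Added example; the lockfile and audit objects below are constructed samples.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v); // plain x.y.z only
  return m ? m.slice(1).map(Number) : null;
};
// Numeric comparison, so 6.1.10 sorts above 6.1.8; unparsable input fails closed.
const atLeast = (v, min) => {
  const a = parse(v), b = parse(min);
  if (!a || !b) return false;
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
};

// Returns a list of findings; an empty list means the bump is fully reflected.
function checkRemediation(lock, audit, pkg, patched) {
  const findings = [];
  const base = pkg.split("/").pop(); // tarball file name omits any @scope
  const root = lock.packages[""] || {};
  const range = root.dependencies?.[pkg] ?? root.devDependencies?.[pkg] ?? "";
  // Only exact, ^ and ~ ranges are understood; anything else is flagged.
  if (!atLeast(range.replace(/^[\^~]/, ""), patched))
    findings.push(`manifest range "${range}" is not pinned at or above ${patched}`);
  let copies = 0;
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Match the top-level install and any copy nested under another package.
    if (path !== `node_modules/${pkg}` && !path.endsWith(`/node_modules/${pkg}`)) continue;
    copies++;
    if (!atLeast(entry.version, patched))
      findings.push(`${path} resolves to ${entry.version}, below ${patched}`);
    if (!(entry.resolved || "").endsWith(`/${base}-${entry.version}.tgz`))
      findings.push(`${path} resolved URL does not match version ${entry.version}`);
    if (!/^sha512-/.test(entry.integrity || ""))
      findings.push(`${path} has no sha512 integrity value`);
  }
  if (copies === 0) findings.push(`${pkg} not found in lockfile`);
  if (audit.vulnerabilities && pkg in audit.vulnerabilities)
    findings.push(`npm audit still reports ${pkg}`);
  return findings;
}

const lockWith = (range, v) => ({ lockfileVersion: 3, packages: {
  "": { dependencies: { astro: range } },
  "node_modules/astro": { version: v, integrity: "sha512-CONSTRUCTED",
    resolved: `https://registry.npmjs.org/astro/-/astro-${v}.tgz` } } });
const fixedLock = lockWith("^6.1.10", "6.1.10");
const staleLock = lockWith("^6.1.10", "6.1.8"); // manifest bumped, lock entry not
console.log(checkRemediation(fixedLock, { vulnerabilities: {} }, "astro", "6.1.10"));
console.log(checkRemediation(staleLock, { vulnerabilities: { astro: {} } }, "astro", "6.1.10"));
```

Against a real checkout, the two inputs would be the parsed `package-lock.json` and the parsed output of the `npm audit --json` command listed under Verification.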
