Skip to content

resolve GHSA-37qj-frw5-hhjh (backport #8932) [release/5.2.x]#8934

Closed
mergify[bot] wants to merge 1 commit intorelease/5.2.xfrom
mergify/bp/release/5.2.x/pr-8932
Closed

resolve GHSA-37qj-frw5-hhjh (backport #8932) [release/5.2.x]#8934
mergify[bot] wants to merge 1 commit intorelease/5.2.xfrom
mergify/bp/release/5.2.x/pr-8932

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Jan 30, 2026

resolve GHSA-37qj-frw5-hhjh, ran rush update-full as well

Presentation full stack tests has a direct dep, bumped up a major version.

Changelog of the dep: NaturalIntelligence/fast-xml-parser@master/CHANGELOG.md

image

Rush update --full can't bump nested deps up major versions, so had to include pnpm override for fast-xml-parser.

culprit dep hasn't bumped it's version yet: https://github.com/googleapis/nodejs-storage/blob/30522654c50bd8c3ea081c81988662f8af9a7635/package.json#L81

This is an automatic backport of pull request #8932 done by Mergify.

@hl662 @mergify
resolve GHSA-37qj-frw5-hhjh (#8932)
d37cc5c 
(cherry picked from commit ca38ea0)

# Conflicts:
#	common/config/rush/pnpm-config.json
#	common/config/rush/pnpm-lock.yaml
@mergify mergify bot requested review from a team as code owners January 30, 2026 21:50
@mergify mergify bot added the conflicts label Jan 30, 2026
@mergify mergify bot assigned hl662 Jan 30, 2026
@mergify
Copy link
Contributor Author

mergify bot commented Jan 30, 2026

Cherry-pick of ca38ea0 has failed:

On branch mergify/bp/release/5.2.x/pr-8932
Your branch is up to date with 'origin/release/5.2.x'.

You are currently cherry-picking commit ca38ea0195.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   full-stack-tests/presentation/package.json

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   common/config/rush/pnpm-config.json
	both modified:   common/config/rush/pnpm-lock.yaml

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot requested a review from a team January 30, 2026 21:50
@hl662 hl662 closed this Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmconne pmconne Awaiting requested review from pmconne pmconne is a code owner automatically assigned from iTwin/itwinjs-core

@tcobbs-bentley tcobbs-bentley Awaiting requested review from tcobbs-bentley tcobbs-bentley is a code owner automatically assigned from iTwin/itwinjs-core

@RohitPtnkr1996 RohitPtnkr1996 Awaiting requested review from RohitPtnkr1996 RohitPtnkr1996 is a code owner automatically assigned from iTwin/itwinjs-core

Assignees

@hl662 hl662

Labels

conflicts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hl662