Skip to content

fix: bump file-type to avoid CVEs#318

Merged
diatrcz merged 5 commits intomainfrom
lt/fix-cve
Mar 13, 2026
Merged

fix: bump file-type to avoid CVEs#318
diatrcz merged 5 commits intomainfrom
lt/fix-cve

Conversation

@diatrcz
Copy link
Contributor

@diatrcz diatrcz commented Mar 12, 2026
edited
Loading

Bumps file-type to 21.3.2 to avoid CVE.

Since file-type is a pure ESM package since version 17, some additional changes were needed.

Checklist
  • npm test passes (tip: npm run lint-fix can correct most style issues)
  • tests are included
  • documentation is changed or added

@diatrcz
fix: bump file-type to avoid CVEs
ba11b18 
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@twgoetz
Copy link

twgoetz commented Mar 13, 2026

Are you really going to go back to that ancient version? That is just asking for more trouble.

diatrcz added 2 commits March 13, 2026 09:53
@diatrcz
Revert "fix: bump file-type to avoid CVEs"
8836081 
This reverts commit ba11b18.
@diatrcz
fix: bump file-type to avoid CVEs
fe736c9 
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz
Copy link
Contributor Author

diatrcz commented Mar 13, 2026

Thank you for voicing your concerns about reverting back from one ancient version to another, but no we are not downgrading the version.

@diatrcz diatrcz requested review from Andris28 and pyrooka March 13, 2026 10:02
diatrcz added 2 commits March 13, 2026 11:16
@diatrcz
fix: add flag to build script
9b3de10 
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
@diatrcz
fix: fix linter issues
cdc69c0 
Signed-off-by: Lídia Tarcza <100163235+diatrcz@users.noreply.github.com>
pyrooka
pyrooka approved these changes Mar 13, 2026
View reviewed changes
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@diatrcz diatrcz merged commit 32f597c into main Mar 13, 2026
14 checks passed
@diatrcz diatrcz deleted the lt/fix-cve branch March 13, 2026 11:36
ibm-devx-sdk pushed a commit that referenced this pull request Mar 13, 2026
@semantic-release-bot
chore(release): 5.4.9 [skip ci]
7496de0 
## [5.4.9](v5.4.8...v5.4.9) (2026-03-13)

### Bug Fixes

* bump file-type to avoid CVEs ([#318](#318)) ([32f597c](32f597c))
@ibm-devx-sdk
Copy link

ibm-devx-sdk commented Mar 13, 2026

🎉 This PR is included in version 5.4.9 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pyrooka pyrooka pyrooka approved these changes

@Andris28 Andris28 Awaiting requested review from Andris28

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@diatrcz @twgoetz @ibm-devx-sdk @pyrooka