[pull] release from appsmithorg:release #256

Merged: pull[bot] merged 1 commit into code:release from appsmithorg:release, Jun 22, 2026
@pull pull Bot commented Jun 22, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

## Summary
Batch update resolving 15 Dependabot vulnerability alerts across 10
packages.

| # | Package | From | To | Severity | CVE/GHSA |
|---|---------|------|----|----------|----------|
| #671 | undici | <6.27.0 | 6.27.0 | high | CVE-2026-12151 |
| #672 | undici | <6.27.0 | 6.27.0 | medium | CVE-2026-9679 |
| #673 | undici | <6.27.0 | 6.27.0 | low | CVE-2026-11525 |
| #670 | undici | <6.27.0 | 6.27.0 | low | CVE-2026-6733 |
| #666 | form-data | >=4.0.0 <4.0.6 | 4.0.6 | high | CVE-2026-12143 |
| #663 | vite | <=6.4.2 | 6.4.3 | high | CVE-2026-53571 |
| #664 | vite | <=6.4.2 | 6.4.3 | medium | CVE-2026-53632 |
| #665 | tar | <=7.5.15 | 7.5.16 | medium | CVE-2026-53655 |
| #657 | protobufjs | <=7.6.2 | 7.6.3+ | medium | CVE-2026-54269 |
| #659 | ws | >=6.0.0 <6.2.4 | 6.2.4 | high | CVE-2026-48779 |
| #656 | launch-editor | <=2.14.0 | 2.14.1 | medium | CVE-2026-53632 |
| #661 | @babel/core | <=7.29.0 | 7.29.6 | low | CVE-2026-49356 |
| #667 | webpack-dev-server | <5.2.5 | 5.2.5 | medium | CVE-2026-9595 |
| #658 | nodemailer | <=9.0.0 | 9.0.1 | high | GHSA-p6gq-j5cr-w38f |
| #669 | nodemailer | <=9.0.0 | 9.0.1 | high | GHSA-p6gq-j5cr-w38f |

### Fix approach
- **Resolution bumps** (existing entries): undici, form-data, vite, tar,
protobufjs
- **New resolutions** (transitive): ws@^6.1.0, launch-editor,
@babel/core
- **DevDependency upgrade**: webpack-dev-server 5.2.2 → 5.2.5
- **Direct dependency upgrade** (RTS): nodemailer 8.0.10 → 9.0.1

### Skipped (major version bumps — breaking changes)
- #668: http-proxy-middleware (2.x → 3.x)
- #662: js-yaml (3.x → 4.x)
- #654: @opentelemetry/core (1.x → 2.x)

## CI Trigger
/ok-to-test tags="@tag.All"

## Test plan
- [ ] All CI checks pass
- [ ] No breaking changes from dependency bumps
- [ ] Verify no major version upgrades included (only semver-compatible
patches/minors)


<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/27933268781>
> Commit: 69fc049
> <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=27933268781&attempt=2" target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Mon, 22 Jun 2026 08:16:19 UTC
<!-- end of auto-generated comment: Cypress test results  -->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Updated development build tools and application dependencies to their latest stable versions, including security patches and stability enhancements for the development environment.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@pull pull Bot locked and limited conversation to collaborators Jun 22, 2026
@pull pull Bot added the ⤵️ pull label Jun 22, 2026
@pull pull Bot merged commit 6401348 into code:release Jun 22, 2026
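
An added example, not part of this PR or of Appsmith's code: a small Node.js check built on the table's "From" column that lists packages whose resolved version still falls inside an advisory's affected range, plus a helper for the test plan's "no major version upgrades" item. The resolved versions are a constructed sample standing in for what a lockfile would report, `some-other-pkg` is a hypothetical name, and only plain `x.y.z` versions with the comparator forms used in the table are handled.

```javascript
// Affected ranges copied from the "From" column of the PR's table.
const ADVISORIES = {
  undici: "<6.27.0",
  "form-data": ">=4.0.0 <4.0.6",
  vite: "<=6.4.2",
  tar: "<=7.5.15",
  protobufjs: "<=7.6.2",
  ws: ">=6.0.0 <6.2.4",
  "launch-editor": "<=2.14.0",
  "@babel/core": "<=7.29.0",
  "webpack-dev-server": "<5.2.5",
  nodemailer: "<=9.0.0",
};

// Plain x.y.z only; pre-release and build tags are out of scope here.
const parse = (v) => v.split(".").map(Number);
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}
const OPS = { "<": (c) => c < 0, "<=": (c) => c <= 0, ">": (c) => c > 0, ">=": (c) => c >= 0 };

// A range is a space-separated AND of comparators, e.g. ">=6.0.0 <6.2.4".
function inRange(version, range) {
  return range.trim().split(/\s+/).every((term) => {
    const m = term.match(/^(<=|>=|<|>)(\d+\.\d+\.\d+)$/);
    if (!m) throw new Error(`unsupported comparator: ${term}`);
    return OPS[m[1]](cmp(version, m[2]));
  });
}

// Names of packages whose resolved version is still inside an affected range.
function stillVulnerable(resolved) {
  return Object.entries(resolved)
    .filter(([name, ver]) => name in ADVISORIES && inRange(ver, ADVISORIES[name]))
    .map(([name]) => name);
}

// True when an upgrade crosses a major version (the test plan's last item).
const isMajorBump = (from, to) => parse(to)[0] > parse(from)[0];

// Constructed sample: the ws override did not take effect, the others did.
const SAMPLE_RESOLVED = { undici: "6.27.0", ws: "6.2.3", vite: "6.4.3", "some-other-pkg": "1.0.0" };
console.log("still vulnerable:", stillVulnerable(SAMPLE_RESOLVED));
```

Applied to the direct upgrades listed under "Fix approach", `isMajorBump("8.0.10", "9.0.1")` returns `true` for nodemailer and `isMajorBump("5.2.2", "5.2.5")` returns `false` for webpack-dev-server.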