@checkstack/command-backend 0.1.26 → 0.1.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +39 -0
- package/package.json +5 -5
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,44 @@
|
|
|
1
1
|
# @checkstack/command-backend
|
|
2
2
|
|
|
3
|
+
## 0.1.28
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies [a06b899]
|
|
8
|
+
- Updated dependencies [a06b899]
|
|
9
|
+
- @checkstack/backend-api@0.16.0
|
|
10
|
+
|
|
11
|
+
## 0.1.27
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- b33fb4d: Refresh `bun.lock` to clear MEDIUM-severity Trivy advisories on transitive
|
|
16
|
+
runtime dependencies. No public API change — bumping every workspace
|
|
17
|
+
package that lists `@orpc/server` as a direct dep so consumers re-resolve
|
|
18
|
+
the optional `ws` peer to the patched release on their next install.
|
|
19
|
+
|
|
20
|
+
- `ws` `8.20.0` → `8.20.1` (CVE-2026-45736). Pulled into the install tree
|
|
21
|
+
as `@orpc/server`'s optional WebSocket peer; Bun auto-installs it into
|
|
22
|
+
every backend package that depends on `@orpc/server`, so a stale 8.20.0
|
|
23
|
+
ships in the consumer's `node_modules` until the parent package
|
|
24
|
+
re-resolves.
|
|
25
|
+
- `brace-expansion` `5.0.5` → `5.0.6` (CVE-2026-45149). Pulled in only
|
|
26
|
+
through dev tooling (`minimatch@10` via `@typescript-eslint` and
|
|
27
|
+
`storybook`'s `glob@13`), so it does not ship to consumers and no
|
|
28
|
+
workspace `package.json` lists it; the lockfile bump alone clears the
|
|
29
|
+
finding for the Docker image and the local dev tree. No version bump
|
|
30
|
+
is attributed to this advisory.
|
|
31
|
+
|
|
32
|
+
The fix lives entirely in `bun.lock` — no `package.json`, `overrides`, or
|
|
33
|
+
`resolutions` change is needed because both parent ranges (`minimatch@10
|
|
34
|
+
→ brace-expansion@^5.0.5`, `@orpc/server / storybook / happy-dom →
|
|
35
|
+
ws@>=8.18.x`) already accept the patched releases, and `bun install`
|
|
36
|
+
keeps the resolved versions sticky after the initial `bun update`.
|
|
37
|
+
|
|
38
|
+
- Updated dependencies [1909a61]
|
|
39
|
+
- Updated dependencies [b33fb4d]
|
|
40
|
+
- @checkstack/backend-api@0.15.3
|
|
41
|
+
|
|
3
42
|
## 0.1.26
|
|
4
43
|
|
|
5
44
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@checkstack/command-backend",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.28",
|
|
4
4
|
"license": "Elastic-2.0",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.ts",
|
|
@@ -13,14 +13,14 @@
|
|
|
13
13
|
"lint:code": "eslint . --max-warnings 0"
|
|
14
14
|
},
|
|
15
15
|
"dependencies": {
|
|
16
|
-
"@checkstack/backend-api": "0.15.
|
|
17
|
-
"@checkstack/command-common": "0.2.
|
|
18
|
-
"@checkstack/common": "0.
|
|
16
|
+
"@checkstack/backend-api": "0.15.3",
|
|
17
|
+
"@checkstack/command-common": "0.2.12",
|
|
18
|
+
"@checkstack/common": "0.10.0",
|
|
19
19
|
"@orpc/server": "^1.13.2",
|
|
20
20
|
"zod": "^4.2.1"
|
|
21
21
|
},
|
|
22
22
|
"devDependencies": {
|
|
23
|
-
"@checkstack/scripts": "0.3.
|
|
23
|
+
"@checkstack/scripts": "0.3.2",
|
|
24
24
|
"@checkstack/tsconfig": "0.0.7",
|
|
25
25
|
"@types/bun": "^1.3.5",
|
|
26
26
|
"@types/node": "^20.0.0",
|