@checkstack/satellite-backend 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +47 -0
  2. package/package.json +6 -6
package/CHANGELOG.md CHANGED
@@ -1,5 +1,52 @@
1
1
  # @checkstack/satellite-backend
2
2
 
3
+ ## 0.3.4
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies [a06b899]
8
+ - Updated dependencies [a06b899]
9
+ - @checkstack/backend-api@0.16.0
10
+ - @checkstack/gitops-backend@0.3.4
11
+ - @checkstack/healthcheck-backend@1.1.3
12
+ - @checkstack/queue-api@0.3.3
13
+ - @checkstack/healthcheck-common@1.1.1
14
+ - @checkstack/satellite-common@0.5.1
15
+
16
+ ## 0.3.3
17
+
18
+ ### Patch Changes
19
+
20
+ - b33fb4d: Refresh `bun.lock` to clear MEDIUM-severity Trivy advisories on transitive
21
+ runtime dependencies. No public API change — bumping every workspace
22
+ package that lists `@orpc/server` as a direct dep so consumers re-resolve
23
+ the optional `ws` peer to the patched release on their next install.
24
+
25
+ - `ws` `8.20.0` → `8.20.1` (CVE-2026-45736). Pulled into the install tree
26
+ as `@orpc/server`'s optional WebSocket peer; Bun auto-installs it into
27
+ every backend package that depends on `@orpc/server`, so a stale 8.20.0
28
+ ships in the consumer's `node_modules` until the parent package
29
+ re-resolves.
30
+ - `brace-expansion` `5.0.5` → `5.0.6` (CVE-2026-45149). Pulled in only
31
+ through dev tooling (`minimatch@10` via `@typescript-eslint` and
32
+ `storybook`'s `glob@13`), so it does not ship to consumers and no
33
+ workspace `package.json` lists it; the lockfile bump alone clears the
34
+ finding for the Docker image and the local dev tree. No version bump
35
+ is attributed to this advisory.
36
+
37
+ The fix lives entirely in `bun.lock` — no `package.json`, `overrides`, or
38
+ `resolutions` change is needed because both parent ranges (`minimatch@10
39
+ → brace-expansion@^5.0.5`, `@orpc/server / storybook / happy-dom →
40
+ ws@>=8.18.x`) already accept the patched releases, and `bun install`
41
+ keeps the resolved versions sticky after the initial `bun update`.
42
+
43
+ - Updated dependencies [1909a61]
44
+ - Updated dependencies [b33fb4d]
45
+ - @checkstack/backend-api@0.15.3
46
+ - @checkstack/gitops-backend@0.3.3
47
+ - @checkstack/healthcheck-backend@1.1.2
48
+ - @checkstack/queue-api@0.3.2
49
+
3
50
  ## 0.3.2
4
51
 
5
52
  ### Patch Changes
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/satellite-backend",
3
- "version": "0.3.2",
3
+ "version": "0.3.4",
4
4
  "license": "Elastic-2.0",
5
5
  "type": "module",
6
6
  "main": "src/index.ts",
@@ -14,15 +14,15 @@
14
14
  "lint:code": "eslint . --max-warnings 0"
15
15
  },
16
16
  "dependencies": {
17
- "@checkstack/backend-api": "0.15.2",
17
+ "@checkstack/backend-api": "0.15.3",
18
18
  "@checkstack/satellite-common": "0.5.0",
19
19
  "@checkstack/healthcheck-common": "1.1.0",
20
20
  "@checkstack/signal-common": "0.2.3",
21
- "@checkstack/healthcheck-backend": "1.1.0",
22
- "@checkstack/gitops-backend": "0.3.1",
21
+ "@checkstack/healthcheck-backend": "1.1.2",
22
+ "@checkstack/gitops-backend": "0.3.3",
23
23
  "@checkstack/gitops-common": "0.4.0",
24
24
  "@checkstack/common": "0.10.0",
25
- "@checkstack/queue-api": "0.3.1",
25
+ "@checkstack/queue-api": "0.3.2",
26
26
  "drizzle-orm": "^0.45.0",
27
27
  "zod": "^4.2.1",
28
28
  "@orpc/server": "^1.13.2"
@@ -30,7 +30,7 @@
30
30
  "devDependencies": {
31
31
  "@checkstack/drizzle-helper": "0.0.5",
32
32
  "@checkstack/scripts": "0.3.2",
33
- "@checkstack/test-utils-backend": "0.1.26",
33
+ "@checkstack/test-utils-backend": "0.1.27",
34
34
  "@checkstack/tsconfig": "0.0.7",
35
35
  "@types/bun": "^1.0.0",
36
36
  "drizzle-kit": "^0.31.10",