bump #2521

Merged
mfreeman451 merged 1 commit from refs/pull/2521/head into main 2025-12-08 04:28:25 +00:00
mfreeman451 commented 2025-12-08 04:24:22 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #2077
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2077
Original created: 2025-12-08T04:24:22Z
Original updated: 2025-12-08T04:28:28Z
Original head: carverauto/serviceradar:chore/bump_brace_expansion
Original base: main
Original merged: 2025-12-08T04:28:25Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?

PR Type

Enhancement


Description

  • Add brace-expansion security override to pnpm configuration

  • Enforce minimum version 1.1.12 for brace-expansion dependency

  • Update lock file with new brace-expansion version


Diagram Walkthrough

flowchart LR
  A["package.json"] -- "add pnpm override" --> B["brace-expansion@1.1.12"]
  C["pnpm-lock.yaml"] -- "update version" --> B
  B -- "enforces minimum version" --> D["Security fix"]

File Walkthrough

Relevant files
Dependencies
package.json
Add pnpm override for brace-expansion security                     

web/package.json

  • Added pnpm.overrides section to enforce brace-expansion minimum
    version 1.1.12
  • Protects against vulnerable versions of brace-expansion below 1.1.12
  • Ensures all transitive dependencies use the secure version
+4/-1     
pnpm-lock.yaml
Update brace-expansion to 1.1.12 in lock file                       

web/pnpm-lock.yaml

  • Updated brace-expansion from version 1.1.11 to 1.1.12
  • Added global overrides section at top level
  • Updated minimatch@3.1.2 dependency to use new brace-expansion version
  • Regenerated lock file with updated dependency resolution
+7/-4     

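A pnpm override like the one in this PR only helps if the lockfile actually stops resolving the old version, so the check worth running after `pnpm install` is: which versions of brace-expansion does `web/pnpm-lock.yaml` still contain, and is the selector recorded in its `overrides:` block? The script below is an added example written for this page, not ServiceRadar's own code. It assumes the pnpm lockfile v9 line layout (package keys such as `brace-expansion@1.1.12:` and snapshot dependency lines such as `brace-expansion: 1.1.12`) and embeds a constructed lockfile excerpt; the `2.0.1` copy in that excerpt is invented here to show a version that the `<1.1.12` selector never touches.

```javascript
// Added audit script (not ServiceRadar code): scan a pnpm-lock.yaml for every resolved
// version of a package and check that a "pkg@<min: ^min" override really took effect.
// Works on the line layout of pnpm lockfile v9, so no YAML parser is needed.

// "1.1.12" (optionally with a "-pre" or "+build" suffix) -> [1, 1, 12].
function parseVersion(v) {
  const parts = v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) throw new Error(`bad version: ${v}`);
  return parts;
}

// Numeric comparison: negative if a < b, 0 if equal, positive if a > b.
// (A lexical sort would wrongly place "1.1.9" after "1.1.12".)
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Every concrete version of `pkg` the lockfile resolves. The override selector line
// ("brace-expansion@<1.1.12: ^1.1.12") is not matched: a range operator follows the
// "@" there, and the bare name is never followed by ":" on that line.
function resolvedVersions(lockText, pkg) {
  const name = escapeRegExp(pkg);
  const patterns = [
    new RegExp(`^\\s*'?${name}@(\\d+\\.\\d+\\.\\d+[^\\s:(']*)`, 'gm'), // package/snapshot keys
    new RegExp(`^\\s*'?${name}'?:\\s*(\\d+\\.\\d+\\.\\d+[^\\s(]*)`, 'gm'), // dependency lines
  ];
  const found = new Set();
  for (const re of patterns) for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort(compareVersions);
}

// True if the lockfile's top-level `overrides:` block carries an entry for `pkg`.
function overrideDeclared(lockText, pkg) {
  const lines = lockText.split('\n');
  const start = lines.findIndex((l) => /^overrides:\s*$/.test(l));
  if (start === -1) return false;
  for (let i = start + 1; i < lines.length; i++) {
    const line = lines[i].trim();
    if (line === '') continue;            // blank lines separate lockfile sections
    if (!/^\s/.test(lines[i])) break;     // next top-level key ends the block
    if (line.startsWith(`${pkg}@`) || line.startsWith(`${pkg}:`)) return true;
  }
  return false;
}

// `ok` only if the override is recorded and no version the "<min" selector would match
// survives. Versions in another major line are listed separately: "<1.1.12" says nothing
// about a 2.x copy, so those need their own check against the advisory being fixed.
function auditOverride(lockText, pkg, minVersion) {
  const versions = resolvedVersions(lockText, pkg);
  const declared = overrideDeclared(lockText, pkg);
  const minMajor = parseVersion(minVersion)[0];
  const belowMinimum = versions.filter((v) => compareVersions(v, minVersion) < 0);
  const otherMajors = versions.filter((v) => parseVersion(v)[0] !== minMajor);
  return { overrideDeclared: declared, versions, belowMinimum, otherMajors, ok: declared && belowMinimum.length === 0 };
}

// Constructed excerpt shaped like web/pnpm-lock.yaml (integrity hashes and unrelated
// packages omitted). minimatch@3.1.2 is the path through which brace-expansion enters;
// the 2.0.1 copy is invented here only to show a version the "<1.1.12" selector ignores.
function sampleLock(beVersion, withOverride) {
  const overrides = withOverride ? 'overrides:\n  brace-expansion@<1.1.12: ^1.1.12\n\n' : '';
  return `lockfileVersion: '9.0'

${overrides}importers:

  .:
    devDependencies:
      minimatch:
        specifier: ^3.1.2
        version: 3.1.2

packages:

  balanced-match@1.0.2:
    resolution: {integrity: sha512-CONSTRUCTED}

  brace-expansion@${beVersion}:
    resolution: {integrity: sha512-CONSTRUCTED}

  brace-expansion@2.0.1:
    resolution: {integrity: sha512-CONSTRUCTED}

  minimatch@3.1.2:
    resolution: {integrity: sha512-CONSTRUCTED}

snapshots:

  brace-expansion@${beVersion}:
    dependencies:
      balanced-match: 1.0.2

  brace-expansion@2.0.1:
    dependencies:
      balanced-match: 1.0.2

  minimatch@3.1.2:
    dependencies:
      brace-expansion: ${beVersion}
`;
}

if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('node:fs');
  const text = process.argv[2] ? fs.readFileSync(process.argv[2], 'utf8') : sampleLock('1.1.12', true);
  console.log(JSON.stringify(auditOverride(text, 'brace-expansion', '1.1.12'), null, 2));
}
```

Run it as `node audit.js web/pnpm-lock.yaml` to check a real lockfile; without an argument it audits the constructed post-PR excerpt. On the pre-PR shape (1.1.11 resolved, no `overrides:` block) it reports `belowMinimum: ["1.1.11"]` and `ok: false`; on the post-PR shape it reports `ok: true` but still lists `2.0.1` under `otherMajors`, which is the reminder that a `<1.1.12` selector cannot vouch for a second major line.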
qodo-code-review[bot] commented 2025-12-08 04:24:42 +00:00 (Migrated from github.com)

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2077#issuecomment-3624662433
Original created: 2025-12-08T04:24:42Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified: no security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪ No ticket provided
Codebase Duplication Compliance
⚪ Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No runtime code: The PR only updates package manager overrides and lockfile without adding or modifying
application logic that could include audit logging of critical actions.

Referred Code
"overrides": {
  "brace-expansion@<1.1.12": "^1.1.12"
}

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error paths: Changes are limited to dependency overrides and lockfile updates and do not introduce code
paths where error handling or edge case logic would apply.

Referred Code
overrides:
  brace-expansion@<1.1.12: ^1.1.12

Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
qodo-code-review[bot] commented 2025-12-08 04:25:36 +00:00 (Migrated from github.com)

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2077#issuecomment-3624666208
Original created: 2025-12-08T04:25:36Z

PR Code Suggestions

Explore these optional code suggestions:

Category    Suggestion    Impact
General
Consolidate overrides into the standard field

Consolidate the pnpm.overrides into the standard root-level overrides field to
improve standardization and maintainability, as pnpm now supports this feature.

web/package.json [49-63]

 "pnpm": {
   "ignoredBuiltDependencies": [
     "sharp"
   ],
   "onlyBuiltDependencies": [
     "unrs-resolver"
-  ],
-  "overrides": {
-    "brace-expansion@<1.1.12": "^1.1.12"
-  }
+  ]
 },
 "overrides": {
   "@types/react": "19.2.2",
-  "@types/react-dom": "19.2.2"
+  "@types/react-dom": "19.2.2",
+  "brace-expansion@<1.1.12": "^1.1.12"
 }
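Review bot: moving the selector out of `pnpm.overrides` into the root-level `overrides` field risks the fix silently ceasing to apply. The Referred Code in the compliance comment shows the lockfile's top-level `overrides:` block containing only `brace-expansion@<1.1.12: ^1.1.12` and not the `@types/react` and `@types/react-dom` pins that already sit in the root-level field, which suggests the pnpm version in use reads `pnpm.overrides` and not root `overrides`. Support for the root-level field depends on the pnpm version, so either keep the entry under `pnpm.overrides`, or pin a pnpm version that honours the root field (for example via the `packageManager` field) and confirm after `pnpm install` that `web/pnpm-lock.yaml` still lists the selector under `overrides:` and resolves `minimatch@3.1.2` to `brace-expansion: 1.1.12`.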

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 6

Why: The suggestion correctly identifies that pnpm.overrides is a legacy field and proposes using the standard root-level overrides field, which improves code standardization and maintainability.

Impact: Low
Reference
carverauto/serviceradar!2521