@igorlukanin

Check List

  • Tests have been run in packages where changes have been made if available
  • Linter has been run for changed code
  • Tests for the changes have been added if not covered yet
  • Docs have been added / updated if required

Issue Reference this PR resolves

Resolves #10156

Copilot AI left a comment

Pull request overview

This PR addresses a security vulnerability in the tmp package by using Yarn's resolutions feature to consolidate all versions of the tmp package to version 0.2.4.

Key changes:

  • Added tmp version 0.2.4 to the resolutions field in package.json
  • Updated yarn.lock to consolidate all tmp package references (versions 0.0.33, 0.1.0, and 0.2.3) to version 0.2.4
  • Removed the os-tmpdir dependency which was only required by older versions of tmp

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Added tmp: "0.2.4" to the resolutions field to force all dependencies to use this version |
| yarn.lock | Consolidated all tmp package versions to 0.2.4 and removed obsolete os-tmpdir dependency |

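A check for the consolidation described in the review summary above, as an added example that is not part of the pull request or the project's code: it parses lockfile text and lists every tmp descriptor that does not resolve to the pinned version. It assumes the Yarn v1 (classic) lockfile format; the function names and the sample lockfile excerpts are constructed for illustration.

```javascript
// Added example, not code from the PR. Assumes a Yarn v1 (classic) lockfile.
// Returns a Map of descriptor (e.g. "tmp@^0.0.33") -> resolved version.
function resolvedVersions(lockText, pkg) {
  const found = new Map();
  let pending = []; // descriptors of pkg named by the current entry header
  for (const line of lockText.split(/\r?\n/)) {
    if (line.trim() === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line) && line.endsWith(":")) {
      // Header: comma-separated, optionally quoted "name@range" descriptors.
      pending = line.slice(0, -1).split(",")
        .map((d) => d.trim().replace(/^"|"$/g, ""))
        // Name is everything before the separating "@" (scoped names allowed).
        .filter((d) => (/^(@?[^@]+)@/.exec(d) || [])[1] === pkg);
      continue;
    }
    const m = /^\s{2}version "([^"]+)"\s*$/.exec(line);
    if (m) {
      for (const d of pending) found.set(d, m[1]);
      pending = [];
    }
  }
  return found;
}

// Descriptors that still resolve to something other than the pinned version.
function stragglers(lockText, pkg, pinned) {
  return [...resolvedVersions(lockText, pkg)]
    .filter(([, version]) => version !== pinned)
    .map(([descriptor, version]) => `${descriptor} -> ${version}`);
}

// Constructed lockfile excerpts (not the PR's real yarn.lock contents).
const BEFORE = `# yarn lockfile v1
os-tmpdir@~1.0.2:
  version "1.0.2"
tmp@^0.0.33:
  version "0.0.33"
  dependencies:
    os-tmpdir "~1.0.2"
tmp@^0.1.0:
  version "0.1.0"
"tmp@>= 0.2.1", tmp@~0.2.3:
  version "0.2.3"
`;
const AFTER = `tmp@0.2.4, tmp@^0.0.33, tmp@^0.1.0, "tmp@>= 0.2.1", tmp@~0.2.3:
  version "0.2.4"
`;

console.log(stragglers(BEFORE, "tmp", "0.2.4"));
console.log(stragglers(AFTER, "tmp", "0.2.4"));
```

To run the same check in CI, pass the contents of the repository's yarn.lock as lockText and fail the job when stragglers returns a non-empty list.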

Add error handlers to pool clients to prevent unhandled error events
from crashing the process when PostgreSQL connections are terminated
unexpectedly (e.g., when max connections are reached).

Fixes #10142
@igorlukanin igorlukanin requested a review from a team as a code owner December 22, 2025 16:11
@github-actions github-actions bot added driver:postgres Issues relating to the Postgres driver driver:questdb javascript Pull requests that update Javascript code data source driver labels Dec 22, 2025
@igorlukanin igorlukanin removed driver:postgres Issues relating to the Postgres driver driver:questdb data source driver labels Dec 22, 2025
codecov bot commented Dec 22, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.17%. Comparing base (df8161c) to head (3cca711).
⚠️ Report is 1 commit behind head on master.

❗ There is a different number of reports uploaded between BASE (df8161c) and HEAD (3cca711).

HEAD has 1 upload less than BASE
| Flag | BASE (df8161c) | HEAD (3cca711) |
| --- | --- | --- |
| cubesql | 1 | 0 |
Additional details and impacted files
@@             Coverage Diff             @@
##           master   #10276       +/-   ##
===========================================
- Coverage   83.27%   55.17%   -28.11%     
===========================================
  Files         248      221       -27     
  Lines       74448    17202    -57246     
  Branches        0     3521     +3521     
===========================================
- Hits        61999     9491    -52508     
+ Misses      12449     7216     -5233     
- Partials        0      495      +495     
| Flag | Coverage Δ |
| --- | --- |
| cube-backend | 55.17% <ø> (?) |
| cubesql | ? |

Successfully merging this pull request may close these issues.

Orca flags vulnerability in tmp package