Skip to content

Address security update findings#3136

Merged
ukanga merged 8 commits into
mainfrom
security-updates
Jun 26, 2026
Merged

Address security update findings#3136
ukanga merged 8 commits into
mainfrom
security-updates

Conversation

@ukanga

@ukanga ukanga commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Member

Summary:

  • Bump npm tmp to patched 0.2.7.
  • Move Docker image workflow off retired ubuntu-20.04 runner.
  • Bump Python dependencies with fixed versions from the Trivy report.
  • Fold in open Dependabot dependency updates that were still outstanding, excluding the Django 6 upgrade.

Superseded Dependabot PRs:
Closes #3129.
Closes #3060.
Closes #3059.
Closes #3058.
Closes #3043.
Closes #3041.
Closes #3040.
Closes #3039.
Closes #3038.
Closes #3037.

@ukanga ukanga force-pushed the security-updates branch from a9126e6 to 8f748b8 Compare June 25, 2026 16:36
@ukanga ukanga force-pushed the security-updates branch from d542721 to 3733a9d Compare June 25, 2026 17:13
@ukanga ukanga enabled auto-merge June 26, 2026 04:58
@ukanga ukanga merged commit 94e583f into main Jun 26, 2026
12 checks passed
@ukanga ukanga deleted the security-updates branch June 26, 2026 06:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kelvin-muchiri kelvin-muchiri kelvin-muchiri approved these changes
@FrankApiyo FrankApiyo Awaiting requested review from FrankApiyo

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ukanga @kelvin-muchiri