Fix bn.js vulnerability #1565

Merged
kaje94 merged 4 commits into release/bi-1.8.x from devant-connections-v3 on Feb 25, 2026
@kaje94 kaje94 commented Feb 25, 2026

Purpose

$subject

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

UI Component Development

Specify the reason if following are not followed.

  • Added reusable UI components to the ui-toolkit. Follow the instructions when adding the component.
  • Use ui-toolkit components wherever possible. Run npm run storybook from the root directory to view current components.
  • Matches with the native VSCode look and feel.

Manage Icons

Specify the reason if following are not followed.

  • Added Icons to the font-wso2-vscode. Follow the instructions.

User stories

Summary of user stories addressed by this change

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

  • Unit tests

    Code coverage information

  • Integration tests

    Details about the test cases and coverage

Security checks

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

  • Chores
    • Updated dependency version management configuration
    • Improved TypeScript build configuration for faster compilation

@kaje94 kaje94 requested review from gigara and hevayo as code owners February 25, 2026 10:10
@kaje94 kaje94 merged commit e4ba4ac into release/bi-1.8.x Feb 25, 2026
1 check passed
coderabbitai bot commented Feb 25, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0aa5333 and eea2463.

⛔ Files ignored due to path filters (1)
  • common/config/rush/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • common/config/rush/.pnpmfile.cjs
  • workspaces/apk/apk-extension/tsconfig.json

📝 Walkthrough

This change pinpoints bn.js to version 5.2.3 in the Rush package manager configuration and enables TypeScript's skipLibCheck flag in the APK extension workspace. The modifications address version consistency and type-checking behavior across the project.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependency Version Management: common/config/rush/.pnpmfile.cjs | Added logic to force bn.js to version 5.2.3 in both dependencies and devDependencies within the readPackage hook. |
| TypeScript Configuration: workspaces/apk/apk-extension/tsconfig.json | Enabled skipLibCheck compiler option to skip type-checking of declaration files from dependencies. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • Fix bn.js vulnerability #1538: Implements identical changes to the same files, pinning bn.js version and enabling skipLibCheck in the TypeScript configuration.

Suggested reviewers

  • hevayo
  • kaumini

Poem

🐰 A version to pin, a check to skip clean,
These tiny tweaks keep the build serene,
bn.js now locked at 5.2.3 bright,
TypeScript trusts libs, all feels quite right! ✨


Comment @coderabbitai help to get the list of available commands and usage tips.
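
The walkthrough above describes forcing bn.js to 5.2.3 in dependencies and devDependencies from the readPackage hook in common/config/rush/.pnpmfile.cjs. The following is an added example, not the repository's actual file: a hook of that shape that also logs each rewrite and flags overrides that cross a major version. The helper names (applyPins, majorOf, demo) and the package names in the constructed manifests are assumptions.

```javascript
// Added example of a .pnpmfile.cjs-style hook; not the repository's actual file.
const PINNED = { 'bn.js': '5.2.3' }; // version stated in the PR walkthrough

// Best-effort major version of a range such as "^4.11.9" or "5.2.3".
function majorOf(range) {
  const m = /(\d+)\./.exec(range);
  return m ? Number(m[1]) : null;
}

// Rewrite pinned packages in one manifest and report each rewrite via log().
function applyPins(pkg, log) {
  for (const field of ['dependencies', 'devDependencies']) {
    const deps = pkg[field];
    if (!deps) continue;
    for (const [name, version] of Object.entries(PINNED)) {
      const requested = deps[name];
      if (requested === undefined || requested === version) continue;
      deps[name] = version;
      const crossMajor = majorOf(requested) !== majorOf(version);
      log(`${pkg.name}: ${name} ${requested} -> ${version}` +
        (crossMajor ? ' (major version change)' : ''));
    }
  }
  return pkg;
}

// pnpm calls hooks.readPackage(pkg, context) for each manifest it reads.
function readPackage(pkg, context) {
  return applyPins(pkg, (msg) => context.log(msg));
}

// Guarded so the snippet also loads outside CommonJS.
if (typeof module !== 'undefined') module.exports = { hooks: { readPackage } };

// Constructed manifests (hypothetical package names) to run the hook offline.
function demo() {
  const manifests = [
    { name: 'legacy-crypto-lib', dependencies: { 'bn.js': '^4.11.9' } },
    { name: 'modern-lib', devDependencies: { 'bn.js': '^5.2.0' } },
    { name: 'unrelated', dependencies: { lodash: '^4.17.21' } },
  ];
  const messages = [];
  const context = { log: (m) => messages.push(m) };
  return { out: manifests.map((m) => readPackage(m, context)), messages };
}
```

A rewrite flagged as a major version change means the dependent package declared a different bn.js major than the one it now receives, so its own tests are the check that the pin did not break it.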
