Skip to content

[Snyk] Security upgrade @openapitools/openapi-generator-cli from 2.28.3 to 2.30.0#10977

Open
sestinj wants to merge 1 commit intomainfrom
snyk-fix-d494889ac88cc233a20c3c1807e55465
Open

[Snyk] Security upgrade @openapitools/openapi-generator-cli from 2.28.3 to 2.30.0#10977
sestinj wants to merge 1 commit intomainfrom
snyk-fix-d494889ac88cc233a20c3c1807e55465

Conversation

@sestinj
Copy link
Contributor

@sestinj sestinj commented Mar 2, 2026
edited by continue bot
Loading

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/continue-sdk/package.json
  • packages/continue-sdk/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Incorrect Authorization
SNYK-JS-NESTJSCORE-15365922		   803  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Incorrect Authorization

Continue Tasks: ✅ 7 no changes — View all

Summary by cubic

Upgrade @openapitools/openapi-generator-cli to 2.30.0 in continue-sdk to fix a high-severity NestJS core authorization vulnerability and refresh transitive dependencies.

  • Dependencies

    • Bump @openapitools/openapi-generator-cli from 2.28.3 to 2.30.0.
    • Pulls @nestjs/common and @nestjs/core to 11.1.14, addressing SNYK-JS-NESTJSCORE-15365922.
    • Updates transitive packages (e.g., glob 13.0.6, minimatch/minipass); CLI internals move from inquirer to @inquirer/select.

  • Migration

    • The generator now requires Node >= 20.19.0. Update local and CI Node versions if needed.

Written for commit c8e64ee. Summary will update on new commits.

@snyk-bot
fix: packages/continue-sdk/package.json & packages/continue-sdk/packa…
c8e64ee 
…ge-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NESTJSCORE-15365922
@sestinj sestinj requested a review from a team as a code owner March 2, 2026 09:29
@sestinj sestinj requested review from Patrick-Erichsen and removed request for a team March 2, 2026 09:29
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Mar 2, 2026
@continue
Copy link
Contributor

continue bot commented Mar 2, 2026

Documentation Review

No documentation updates are needed for this PR.

Reason: This is a security upgrade for an internal build tool dependency (@openapitools/openapi-generator-cli). The change:

  • Only affects the lockfile and package.json version
  • Is a build-time dependency, not user-facing
  • Introduces no changes to APIs, configuration, or usage patterns
  • Has no impact on how developers use or interact with Continue

Security dependency updates like this don't require documentation changes.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 2, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@github-project-automation github-project-automation bot moved this from Todo to In Progress in Issues and PRs Mar 9, 2026
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Mar 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@RomneyDa RomneyDa RomneyDa approved these changes

@Patrick-Erichsen Patrick-Erichsen Awaiting requested review from Patrick-Erichsen Patrick-Erichsen is a code owner automatically assigned from continuedev/continue-code-reviewers

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

Issues and PRs
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sestinj @RomneyDa @snyk-bot