Skip to content

fix: remove unused node-gyp dependency#213

Merged
minghay merged 1 commit into
masterfrom
remove-nodegyp
Jul 10, 2026
Merged

fix: remove unused node-gyp dependency#213
minghay merged 1 commit into
masterfrom
remove-nodegyp

Conversation

@yk634

@yk634 yk634 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Context

Snyk reported a high severity vulnerability in brace-expansion through the node-gyp dependency chain in screwdriver-executor-k8s.

While investigating, node-gyp looked unused in this repository.

Objective

This PR removes node-gyp from the direct dependencies of screwdriver-executor-k8s to eliminate that vulnerable path.

node-gyp did not appear to be used by the current code, scripts, or tests. If there is a known reason this dependency is still needed, please share it.

References

License

I confirm that this contribution is made under the terms of the license found in the root directory of this repository's source tree and that I have the authority necessary to make this contribution on behalf of its copyright owner.

@minghay minghay merged commit 1ccb0e4 into master Jul 10, 2026
2 checks passed
@minghay minghay deleted the remove-nodegyp branch July 10, 2026 16:50
@sd-buildbot

Copy link
Copy Markdown

🎉 This PR is included in version 17.3.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants