Fix single vuln #5074

Merged: lukaszgryglicki merged 1 commit into dev from unicron-fix-single-vuln
May 28, 2026

@lukaszgryglicki
Member

Signed-off-by: Lukasz Gryglicki <lgryglicki@cncf.io>

Assisted by [OpenAI](https://platform.openai.com/)

Assisted by [GitHub Copilot](https://github.com/features/copilot)

Assisted by [Claude](https://claude.ai)
@coderabbitai

coderabbitai Bot commented May 28, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5c7942c6-be56-454c-b539-8abec41adf70

📥 Commits

Reviewing files that changed from the base of the PR and between 3b2eccb and f65d0f4.

⛔ Files ignored due to path filters (1)
  • cla-backend/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • cla-backend/package.json

Walkthrough

The resolutions.tmp version in cla-backend/package.json is updated from 0.2.4 to 0.2.7, maintaining the npm resolution override for the tmp package without other changes.

Changes

Dependency Resolution Update

| Layer / File(s) | Summary |
| --- | --- |
| tmp package version resolution (cla-backend/package.json) | The resolutions.tmp version override is bumped from 0.2.4 to 0.2.7. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

  • linuxfoundation/easycla#5072: Updates tmp dependency resolution in tests/functional/package.json resolutions alongside the main backend package.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'Fix single vuln' directly relates to the changeset, which updates a dependency version to fix a vulnerability. |
| Description check | ✅ Passed | The description contains sign-off and tool acknowledgements that are related to the PR submission process, providing context about the change. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Contributor

Copilot AI left a comment

Pull request overview

This PR updates the tmp npm package version used by the cla-backend Node dependency set to address a reported vulnerability, ensuring the lockfile and resolution pin are aligned.

Changes:

  • Bump tmp from 0.2.4 to 0.2.7 in cla-backend/package.json resolutions.
  • Update cla-backend/yarn.lock to lock tmp to 0.2.7 with updated tarball metadata.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| cla-backend/package.json | Updates the pinned/resolved tmp version to 0.2.7. |
| cla-backend/yarn.lock | Updates the lock entry for tmp to 0.2.7 (resolved URL + integrity). |

@lukaszgryglicki lukaszgryglicki merged commit 4b896b0 into dev May 28, 2026
10 of 11 checks passed
@lukaszgryglicki lukaszgryglicki deleted the unicron-fix-single-vuln branch May 28, 2026 06:26