Skip to content

chore: apply npm audit fix for transitive devDependency vulnerabilities#102

Merged
thephez merged 1 commit into
mainfrom
fix/npm-audit
Jul 2, 2026
Merged

chore: apply npm audit fix for transitive devDependency vulnerabilities#102
thephez merged 1 commit into
mainfrom
fix/npm-audit

Conversation

@thephez

@thephez thephez commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Bumps ajv, js-yaml, minimatch, brace-expansion, and flatted to patched versions within the semver ranges already declared by eslint and mocha.

No package.json changes — resolutions only. This resolves 5 of the 8 npm audit findings; the remaining 2 (diff, serialize-javascript) are pinned by mocha's own dependency declarations and have no fix available in a current stable mocha release.

Bumps ajv, js-yaml, minimatch, brace-expansion, and flatted to patched
versions within the semver ranges already declared by eslint and mocha.

No package.json changes — resolutions only. This resolves 5 of the 8
npm audit findings; the remaining 2 (diff, serialize-javascript) are
pinned by mocha's own dependency declarations and have no fix
available in a current stable mocha release.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f9021dcd-9887-470e-8c8f-5386c8de09c2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • ✅ Review completed - (🔄 Check again to review again)
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/npm-audit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@thephez

thephez commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator Author

All tests passing

@thephez thephez merged commit 84d5bf0 into main Jul 2, 2026
3 checks passed
@thephez thephez deleted the fix/npm-audit branch July 2, 2026 20:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant