Update dependencies#30

Merged
sam-mfb merged 2 commits into main from claude/fix-dependabot-vulnerabilities-aMdx0
Apr 13, 2026
Conversation

@sam-mfb sam-mfb commented Apr 13, 2026

claude added 2 commits April 11, 2026 12:44
Run npm update to pull latest compatible versions of all dependencies,
addressing unmerged Dependabot PRs #15 (brace-expansion ReDoS), #18
(js-yaml prototype pollution), and #22 (webpack security fixes).

https://claude.ai/code/session_011s3Y5TLFre8GUFcSuQRmnZ

The stale pnpm-lock.yaml had vulnerable transitive dependencies:
- handlebars (critical/high/moderate): JS injection, prototype pollution
- flatted (high): prototype pollution
- picomatch (high/moderate): ReDoS, method injection
- brace-expansion (moderate): ReDoS, zero-step sequence hang

Deleted and regenerated the lock file from scratch to resolve all of them.
Both npm audit and pnpm audit now report 0 vulnerabilities.

https://claude.ai/code/session_011s3Y5TLFre8GUFcSuQRmnZ
@sam-mfb sam-mfb merged commit c127d78 into main Apr 13, 2026
2 checks passed
@sam-mfb sam-mfb deleted the claude/fix-dependabot-vulnerabilities-aMdx0 branch April 13, 2026 00:26