Skip to content

Update transitive audit dependencies#123

Open
hauptmedia wants to merge 1 commit into
mainfrom
codex/update-transitive-audit-deps
Open

Update transitive audit dependencies#123
hauptmedia wants to merge 1 commit into
mainfrom
codex/update-transitive-audit-deps

Conversation

@hauptmedia

Copy link
Copy Markdown
Contributor

Summary

  • update the locked form-data resolution from 4.0.5 to 4.0.6
  • update the locked joi resolution from 17.13.3 to 17.13.4
  • leave broader Docusaurus/webpack/sockjs audit findings untouched because they require upstream range changes

Verification

  • node -e "const lock=require('./package-lock.json'); console.log('form-data', lock.packages['node_modules/form-data'].version); console.log('joi', lock.packages['node_modules/joi'].version);" prints form-data 4.0.6 and joi 17.13.4
  • NODE_NO_WARNINGS=1 npm audit --json | node -e "..." reports total: 29, high: 1, moderate: 28, hasFormData: false, hasJoi: false
  • git diff --check
  • npm run build succeeds; it reports the known pre-existing main link/anchor warnings covered by separate docs quality work

Note: npm run typecheck still fails on raw main because TypeScript 6 deprecates baseUrl unless ignoreDeprecations is set. That existing config fix is already covered by separate docs quality/starter-cleanup PRs, so this PR keeps the dependency change narrow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant