chore: update dependencies and fix security vulnerabilities #51
Merged
chriskehayias merged 1 commit into main from Feb 26, 2026
- Ran npm install to sync node_modules with package.json declarations (better-auth was missing, next/zod/dotenv/openai were at old major versions)
- Ran npm audit fix to resolve 3 vulnerabilities:
  - rollup 4.0.0-4.58.0 (High): CVE-2026-27606 Arbitrary File Write via Path Traversal
  - minimatch (High): GHSA-3ppc-4f35-3m26 ReDoS via repeated wildcards
  - ajv <6.14.0 (Moderate): GHSA-2g4f-4pwh-qvx6 ReDoS with $data option
- Ran npm update to apply all safe patch/minor updates within semver ranges
- eslint v10 intentionally deferred pending breaking change evaluation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.
Summary
- npm audit fix): rollup CVE-2026-27606 (High — Arbitrary File Write), minimatch GHSA-3ppc-4f35-3m26 (High — ReDoS), ajv GHSA-2g4f-4pwh-qvx6 (Moderate — ReDoS)
- node_modules with package.json via npm install — several packages were at stale major versions (Next.js 15→16, Zod 3→4, dotenv 16→17, openai 5→6) and better-auth was missing entirely
- npm update; ESLint v10 intentionally deferred pending breaking change evaluation

Test plan
- npm run build passes (Next.js 16.1.6, Turbopack, TypeScript — clean)
- npm run test:run passes (19 test files, 229 tests)
- npm audit reports 0 vulnerabilities
- npm run dev) to verify runtime behavior

🤖 Generated with Claude Code
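
A lockfile check to go alongside the test plan's `npm audit` step, as an added example that is not part of this pull request: it flags every installed copy, including nested transitive ones, that falls in the rollup and ajv ranges quoted above. The sample lockfile and its package names are constructed, and minimatch is left out because the page gives no version range for it.

```javascript
// Ranges copied from the PR text; everything else is an added illustration.
const AFFECTED = {
  rollup: { min: "4.0.0", max: "4.58.0" }, // CVE-2026-27606 (inclusive range)
  ajv: { below: "6.14.0" },                // GHSA-2g4f-4pwh-qvx6
};

// Compare plain x.y.z versions; prerelease/build suffixes are ignored.
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function isAffected(name, version) {
  if (!Object.hasOwn(AFFECTED, name)) return false;
  const r = AFFECTED[name];
  if (r.below) return cmp(version, r.below) < 0;
  return cmp(version, r.min) >= 0 && cmp(version, r.max) <= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json. Keys look
// like "node_modules/a/node_modules/ajv", so nested copies are checked as well
// as the hoisted one.
function findAffected(lock) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i < 0 || !meta.version) continue; // root project or workspace entry
    const name = path.slice(i + marker.length);
    if (isAffected(name, meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (package names and versions are made up).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "example-app", version: "1.0.0" },
  "node_modules/rollup": { version: "4.59.0" },
  "node_modules/ajv": { version: "8.17.1" },
  "node_modules/some-linter/node_modules/ajv": { version: "6.12.6" },
  "node_modules/bundler/node_modules/rollup": { version: "4.40.0" },
} };
console.log(findAffected(sampleLock));
```

In the sample, the hoisted copies are clean while the two nested copies are still reported, which is the case a top-level version check misses.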