Fix npm audit vulnerabilities via lockfile updates #472

Merged: zortos293 merged 1 commit into dev from capy/security-lockfile-updates on May 17, 2026

Conversation

@zortos293
Collaborator

Summary

This PR updates dependency lockfiles across both repositories to address security advisories and outdated transitive dependencies, reducing vulnerability counts without breaking changes.

Changes

OpenNOW (opennow-stable/package-lock.json)

  • vite 7.3.1 → 7.3.3 (fixes high-severity dev server vulnerabilities)
  • postcss 8.5.8 → 8.5.14 (fixes moderate XSS advisory)
  • ip-address 10.1.0 → 10.2.0 (fixes moderate XSS advisory)
  • Result: 0 vulnerabilities (down from 1 high + 2 moderate)

OpenNOW-Site (package-lock.json)

  • vite 6.4.1 → 6.4.2
  • rollup 4.55.2 → 4.60.4 (fixes high path-traversal advisory)
  • h3 1.15.5 → 1.15.11 (fixes high SSE injection and path-traversal advisories)
  • postcss 8.5.6 → 8.5.14
  • picomatch 4.0.3 → 4.0.4 (fixes high ReDoS advisory)
  • svgo 4.0.0 → 4.0.1 (fixes high DoS advisory)
  • smol-toml 1.6.0 → 1.6.1
  • devalue 5.6.2 → 5.8.1
  • defu 6.1.4 → 6.1.7 (fixes high prototype pollution advisory)
  • @astrojs/starlight 0.37.3 → 0.37.7
  • astro 5.16.11 → 5.18.1
  • Result: 3 vulnerabilities (2 low + 1 moderate, down from 6 high + 4 moderate + 2 low)

Remaining advisories require the Astro 5 → 6 / Starlight 0.37 → 0.39 major upgrade and are deferred to a separate PR.

Rust Native Dependencies

No action required—OSV audit found 0 advisories across Cargo.lock.

OPE-125

Co-authored-by: capy-ai[bot] <230910855+capy-ai[bot]@users.noreply.github.com>
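The bumps listed above are to transitive dependencies, and a lockfile can hold several installed copies of the same package (one at the top level and others nested under `node_modules/<parent>/node_modules/<pkg>`), so checking only the top-level entry can miss a still-vulnerable copy. The following is an added example, not code from this PR or the OpenNOW project: it walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports every installed copy that falls below a minimum fixed version. The minimum versions are taken from the list above; the lockfile it runs on is a constructed sample, not the project's real one, and the helper names are my own.

```javascript
// Added example: verify that every installed copy of selected packages in a
// package-lock.json (lockfileVersion 2 or 3) meets a minimum fixed version.
// Transitive copies live under nested "node_modules/<a>/node_modules/<b>" keys,
// so a check on the top-level entry alone is not sufficient.

// Minimum versions taken from the PR description (assumed to be the fixed releases).
const MINIMUMS = {
  rollup: "4.60.4",
  h3: "1.15.11",
  picomatch: "4.0.4",
  defu: "6.1.7",
};

// Constructed sample lockfile (not the project's real lockfile). It contains a
// nested, still-outdated copy of picomatch beneath a hypothetical "some-tool".
const SAMPLE_LOCK = {
  name: "sample-site",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-site", dependencies: { rollup: "^4.0.0", h3: "^1.15.0" } },
    "node_modules/rollup": { version: "4.60.4" },
    "node_modules/h3": { version: "1.15.11" },
    "node_modules/picomatch": { version: "4.0.4" },
    "node_modules/some-tool": { version: "2.0.0", dependencies: { picomatch: "^4.0.0" } },
    "node_modules/some-tool/node_modules/picomatch": { version: "4.0.3" },
    "node_modules/defu": { version: "6.1.7" },
  },
};

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into numeric parts plus prerelease tag.
function parseSemver(v) {
  const noBuild = v.split("+")[0];
  const dash = noBuild.indexOf("-");
  const core = dash === -1 ? noBuild : noBuild.slice(0, dash);
  const pre = dash === -1 ? null : noBuild.slice(dash + 1);
  const parts = core.split(".").map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) throw new Error(`bad version: ${v}`);
  return { parts, pre };
}

// Returns -1, 0 or 1. A prerelease sorts before the same core version without one.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.parts[i] !== pb.parts[i]) return pa.parts[i] < pb.parts[i] ? -1 : 1;
  }
  if (pa.pre === null && pb.pre === null) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : pa.pre > pb.pre ? 1 : 0;
}

// The package name is everything after the last "node_modules/" in the key,
// which keeps scoped names such as "@astrojs/starlight" intact.
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// Return one finding per installed copy that is older than its required minimum.
function findOutdated(lock, minimums) {
  if (!lock.packages) throw new Error('only lockfileVersion 2/3 (with "packages") is supported');
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    const name = packageNameFromKey(key);
    if (!name || !(name in minimums) || !entry.version) continue;
    if (compareSemver(entry.version, minimums[name]) < 0) {
      findings.push({ path: key, name, installed: entry.version, required: minimums[name] });
    }
  }
  return findings;
}

const results = findOutdated(SAMPLE_LOCK, MINIMUMS);
for (const f of results) console.log(`${f.path}: ${f.installed} < ${f.required}`);
if (results.length === 0) console.log("all installed copies meet the minimum versions");
```

On a real repository, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and run it in CI after `npm audit fix`; a non-empty result means a nested copy was left behind and needs an `overrides` entry or a bump in the parent package.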
zortos293 added the label capy (Generated by capy.ai) on May 17, 2026, with Capy AI
zortos293 merged commit 4ab4790 into dev on May 17, 2026
15 checks passed