chore: clear npm audit warnings #37

Merged: bobbyg603 merged 2 commits into main from chore/npm-audit-fixes, May 13, 2026

@bobbyg603
Member

Summary

  • Replaces deprecated vercel/pkg (^5.8.1) with the maintained fork @yao-pkg/pkg (^6.6.0). vercel/pkg has an unfixed local-priv-esc advisory (GHSA-22r3-9w55-cj54) and is no longer maintained.
  • Bumps @typescript-eslint/{eslint-plugin,parser} from ^6.11.0 → ^8.59.3 to clear minimatch advisories.
  • npm audit fix updates other transitive deps.
  • Resolves 12 vulnerabilities (1 low, 4 moderate, 7 high) → 0.

Test plan

  • npm install — 0 vulnerabilities
  • npm run build — TS build succeeds
  • npm test — ts-node module resolution error is pre-existing on main and unrelated to this PR

🤖 Generated with Claude Code

- Replaces deprecated vercel/pkg (^5.8.1) with maintained fork
  @yao-pkg/pkg (^6.6.0). vercel/pkg has an unfixed local privilege
  escalation advisory (GHSA-22r3-9w55-cj54) and is no longer maintained.
- Bumps @typescript-eslint/{eslint-plugin,parser} from ^6.11.0 to ^8.59.3
  to clear minimatch advisories.
- npm audit fix updates other transitive deps.

Resolves 12 vulnerabilities (1 low, 4 moderate, 7 high) → 0.
Build succeeds. Pre-existing ts-node module resolution test error on
main is unrelated to this change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Copilot AI review requested due to automatic review settings May 13, 2026 17:00
Contributor

Copilot AI left a comment

Pull request overview

This PR updates development tooling dependencies to address npm audit warnings, primarily by replacing pkg with @yao-pkg/pkg and upgrading TypeScript ESLint packages.

Changes:

  • Replaces the pkg packaging script invocation with @yao-pkg/pkg.
  • Updates TypeScript ESLint dev dependencies to v8.
  • Replaces the deprecated pkg dev dependency with @yao-pkg/pkg.

Comment thread package.json Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@bobbyg603 bobbyg603 merged commit a29aa8d into main May 13, 2026
2 checks passed
@bobbyg603 bobbyg603 deleted the chore/npm-audit-fixes branch May 13, 2026 17:06