Problem
The PR list has ten open [Snyk] PRs spanning 2021-2026. Most of the older ones have almost certainly been obsoleted by newer fixes or apply to dependencies that no longer exist in package.json. Snyk PRs that linger past their advisory window accumulate merge conflicts and dilute the signal of the rest of the PR queue.
Scope
Walk the open PR list (#16, #17, #18, #19, #20, #21, #23, #24, #25, #26) and for each:
- Close as obsolete if the same advisory has been addressed by a newer PR or by a manual dependency bump.
- Rebase + merge if it is still the freshest fix for its advisory and the codebase has not diverged structurally.
- Comment-and-close with reason if the dependency in question is no longer in package.json.
End state: zero open Snyk PRs older than the most recent advisory window, or a written per-PR explanation for why one is intentionally held open.
Acceptance criteria
- npm audit after the dust settles produces zero high or critical advisories.
Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/1654/
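One way to mechanize the Scope rules and the acceptance check, as an added example that is not part of the original issue or the project's code. The PR records, package names, advisory labels and audit counts are constructed placeholders. The "manual dependency bump" and "diverged structurally" judgments are not modeled, so `rebase-and-merge` is only a candidate for human review; `auditPasses` assumes the `metadata.vulnerabilities` counts emitted by `npm audit --json` on npm 7+.

```javascript
// Constructed sample data: not the real contents of the repository or its PRs.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { 'example-lib-a': '^2.0.0' },
  devDependencies: { 'example-lib-b': '^1.4.0' },
};
const SAMPLE_PRS = [
  { number: 901, package: 'example-lib-a', advisory: 'ADVISORY-A', opened: '2021-06-01' },
  { number: 902, package: 'example-lib-a', advisory: 'ADVISORY-A', opened: '2025-11-15' },
  { number: 903, package: 'example-lib-gone', advisory: 'ADVISORY-B', opened: '2022-03-09' },
];
const SAMPLE_AUDIT = {
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 2, high: 0, critical: 0, total: 3 } },
};

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// True if the package is declared in any dependency section of package.json.
function isDeclared(pkgJson, name) {
  return SECTIONS.some((s) => Object.keys(pkgJson[s] || {}).includes(name));
}

// Apply the three Scope rules to each PR record, in order of precedence.
function triage(prs, pkgJson) {
  return prs.map((pr) => {
    if (!isDeclared(pkgJson, pr.package)) {
      return { number: pr.number, action: 'comment-and-close',
               reason: `${pr.package} is no longer in package.json` };
    }
    // ISO dates compare correctly as strings.
    const newer = prs.find((o) => o.advisory === pr.advisory && o.opened > pr.opened);
    if (newer) {
      return { number: pr.number, action: 'close-obsolete',
               reason: `same advisory addressed by newer PR #${newer.number}` };
    }
    return { number: pr.number, action: 'rebase-and-merge',
             reason: 'freshest fix for its advisory (confirm no structural divergence)' };
  });
}

// Acceptance criterion: zero high or critical advisories in the audit report.
function auditPasses(report) {
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  return ['high', 'critical'].every((sev) => (counts[sev] || 0) === 0);
}

console.log(triage(SAMPLE_PRS, SAMPLE_PACKAGE_JSON));
console.log('audit passes:', auditPasses(SAMPLE_AUDIT));
```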