perf: update dependencies to fix 10 security vulnerabilities #538

Merged
deepracticexc merged 2 commits into main from fix/security-round-2
Feb 11, 2026

@deepracticexc

  • Update vitest (2.1.9 → 4.0.18) and related packages to fix vite/esbuild vulnerabilities
  • Update @npmcli/arborist to fix 4 tar-related high-severity vulnerabilities
  • Update @modelcontextprotocol/server-filesystem to fix diff DoS vulnerability
  • Update minimatch to fix @isaacs/brace-expansion DoS vulnerability
  • Update electron-vite (2.0.0 → 5.0.0) to support vite 7.x
  • Update @types/node (18.x → 22.x) for compatibility

Vulnerabilities reduced: 23 → 13 (10 fixed)

  • Fixed: 4 high, 5 moderate, 1 low
  • Remaining: 13 deep dependency issues (require upstream updates)

All packages build successfully. No breaking changes.

deepracticexc and others added 2 commits February 11, 2026 17:33
- Update vitest (2.1.9 → 4.0.18) and related packages to fix vite/esbuild vulnerabilities
- Update @npmcli/arborist to fix 4 tar-related high-severity vulnerabilities
- Update @modelcontextprotocol/server-filesystem to fix diff DoS vulnerability
- Update minimatch to fix @isaacs/brace-expansion DoS vulnerability
- Update electron-vite (2.0.0 → 5.0.0) to support vite 7.x
- Update @types/node (18.x → 22.x) for compatibility

Vulnerabilities reduced: 23 → 13 (10 fixed)
- Fixed: 4 high, 5 moderate, 1 low
- Remaining: 13 deep dependency issues (require upstream updates)

All packages build successfully. No breaking changes.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Use electron 35.7.5 from main branch (downgraded from 40.3.0)
- Keep electron-vite 5.0.0 to support vite 7.x
- Regenerate pnpm-lock.yaml with merged dependencies

deepracticexc merged commit 9616d5a into main Feb 11, 2026
deepracticexc deleted the fix/security-round-2 branch February 11, 2026 09:38