
Security: bundled bumps + axios supply-chain pin (all 6 packages) #48

Merged: sbaker merged 2 commits into main from security/bundled-bumps-stacked on Apr 23, 2026

sbaker (Member) commented Apr 22, 2026

Summary

Same playbook as the prompd-cli sweep (apps#12), applied across all 6 sub-packages of prompd-app. Closes ~50 of the 79 open npm audit alerts in this repo.

Stacked on #47 — once that lands, this rebases trivially.

Per-package alert reduction

| Package | Before | After | Notes |
|---|---|---|---|
| backend | 19 | 2 | Only xlsx-via-@prompd/cli left (auto-fix on next CLI release) |
| frontend | 18 | 4 | electron / esbuild / vite / picomatch — all breaking, deferred |
| packages/react | 23 | 13 | vite/vitest/typescript-eslint majors deferred |
| packages/scheduler | 14 | 2 | xlsx-via-CLI; auto-fix |
| packages/test | 2 | 2 | xlsx-via-CLI; auto-fix |
| prompd-service | 3 | 0 | clean |

Critical: axios supply-chain pin

Pinned axios to 1.15.1 exact (not caret) anywhere it's a direct dep, and added a force-pin override anywhere it's transitive. Skips compromised 1.14.1 from 2026-03-31 (UNC1069 supply-chain attack).

Verified grep -ic "plain-crypto-js" package-lock.json returns 0 in every package's lockfile.

Direct dep bumps

  • backend: axios ^1.6.2 → 1.15.1
  • frontend: yaml ^2.5.0 → ^2.8.3, lodash-es ^4.17.21 → ^4.18.1
  • packages/test: yaml ^2.7.1 → ^2.8.3
  • prompd-service: yaml ^2.3.4 → ^2.8.3

npm overrides (per-package, scope-appropriate)

Universal patterns: lodash, picomatch, brace-expansion, minimatch, follow-redirects, hono, @hono/node-server, @xmldom/xmldom, yaml.

Where express 4 lives: express > path-to-regexp ^0.1.13
Where express 5 lives (via MCP SDK): router > path-to-regexp ^8.4.0

Package-specific:

  • backend: tar ^7.5.13, undici ^7.24.0, socket.io-parser ^4.2.6, fast-xml-parser ^5.7.1
  • frontend: axios 1.15.1, socket.io-parser ^4.2.6, dompurify ^3.4.1
  • packages/react: rollup ^4.60.2, flatted ^3.4.2
  • packages/scheduler: axios 1.15.1, tar ^7.5.13
  • prompd-service: qs ^6.14.2

Test plan

  • npm install succeeds in every package (frontend requires --legacy-peer-deps due to pre-existing tiptap-markdown peer conflict; unrelated)
  • No plain-crypto-js in any lockfile
  • npm ls axios returns 1.15.1 exact in every tree
  • frontend npm test — 52/52 pass (3 suites)
  • frontend tsc -b --dry — clean
  • Reviewer: full backend/scheduler/react CI build (the worktree was a fresh install; bumps are surgical but worth a clean run)
  • Reviewer: smoke desktop electron build (electron:build:win)

Known residuals

xlsx (6 alerts) — surfaces as @prompd/cli → xlsx in backend / scheduler / test. Already fixed in the unreleased CLI (prompd-cli#13 merged); auto-clears when next CLI version is published and consumed here.

Deferred for separate decision (would have been PR 3 / 4 / 5):

  • vite 6 → 8 (frontend + react) — breaking
  • vitest → 4 (react) — breaking
  • typescript-eslint v6 → v8 (react) — breaking, dev only
  • electron 40 → newer (frontend) — needs main-process compat check
  • monaco-editor (frontend) — fix is a downgrade per audit; needs investigation
  • vue-template-compiler (react) — pulled by vue-tsc; weird

Note on --legacy-peer-deps

Frontend npm install requires the flag due to a pre-existing peer conflict around tiptap-markdown@0.8.10 vs @tiptap/core@3.20.4. Unrelated to this PR but flagging so the next reviewer doesn't get spooked.

🤖 Generated with Claude Code

sbaker and others added 2 commits April 21, 2026 14:25
Closes 2 critical Dependabot/npm-audit alerts via npm overrides:

- backend: convict ^6.2.4 -> ^6.2.5 (transitive via cohere-ai)
  Closes prototype pollution via startsWith(). Patch-level bump
  satisfies cohere-ai's existing convict ^6.2.4 range.

- frontend: @clerk/shared ^3.47.2 -> ^3.47.4 (transitive via @clerk/clerk-react)
  Closes middleware-based route protection bypass in the Clerk
  JavaScript SDK. Patch-level bump satisfies clerk-react's
  existing @clerk/shared ^3.47.2 range.

Both fixes are minimum-impact (same minor version, security-only
patches). Direct-dep bumps were not used because the offending
packages are transitives.

Verified:
- npm install succeeds (frontend requires --legacy-peer-deps for
  pre-existing tiptap-markdown peer conflict, unrelated)
- backend npm audit: 19 -> 18 (1 critical convict closed)
- frontend npm audit: 18 -> 17 (1 critical clerk closed)
- npm ls confirms convict@6.2.5 and @clerk/shared@3.47.4

Build/test verification deferred to CI (worktree had no node_modules
pre-installed; bumps are too narrow to plausibly break anything).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ages)

Closes ~50 of 79 npm-audit alerts across all 6 sub-packages. The same
playbook that landed on prompd-cli (PRs #12, #13, #14) applied here.

Direct dependency bumps:
- backend axios: ^1.6.2 -> 1.15.1 (exact pin to skip compromised
  1.14.1 from 2026-03-31 supply-chain attack)
- frontend yaml: ^2.5.0 -> ^2.8.3
- frontend lodash-es: ^4.17.21 -> ^4.18.1
- packages/test yaml: ^2.7.1 -> ^2.8.3
- prompd-service yaml: ^2.3.4 -> ^2.8.3

npm overrides for stuck transitives (per-package, scope-appropriate):
- yaml ^2.8.3 (backend, frontend, scheduler)
- lodash ^4.18.1, lodash-es ^4.18.1
- picomatch ^2.3.2, brace-expansion ^2.0.3
- minimatch ^9.0.7
- follow-redirects ^1.16.0
- hono ^4.12.14, @hono/node-server ^1.19.13
- @xmldom/xmldom ^0.8.12
- tar ^7.5.13 (backend, scheduler)
- undici ^7.24.0 (backend)
- socket.io-parser ^4.2.6 (backend, frontend)
- fast-xml-parser ^5.7.1 (backend)
- dompurify ^3.4.1 (frontend)
- rollup ^4.60.2, flatted ^3.4.2 (packages/react)
- qs ^6.14.2 (prompd-service)
- axios 1.15.1 (frontend, scheduler — transitive force-pin)
- express > path-to-regexp ^0.1.13 (everywhere express 4 lives)
- router > path-to-regexp ^8.4.0 (everywhere express 5 lives)

Verified after install:
- No plain-crypto-js in any package-lock.json (compromised axios payload)
- axios resolves to 1.15.1 exact in every tree
- yaml resolves to 2.8.3 in backend (was 2.8.2)
- frontend npm test: 52/52 pass (3 suites)
- frontend tsc -b dry run: clean
- Per-package alert reduction:
  - backend: 19 -> 2 (only xlsx-via-@prompd/cli; auto-fix on CLI release)
  - frontend: 18 -> 4 (electron, esbuild, vite, picomatch — all deferred breaking)
  - packages/react: 23 -> 13 (vite/vitest/typescript-eslint majors deferred)
  - packages/scheduler: 14 -> 2 (xlsx-via-CLI; auto-fix)
  - packages/test: 2 -> 2 (xlsx-via-CLI; auto-fix)
  - prompd-service: 3 -> 0

Stacked on top of #47 (convict + @clerk criticals). When #47 merges
first, this branch rebases trivially. When this merges first, #47
will need a small overrides-block rebase.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sbaker sbaker merged commit a6ea0ac into main Apr 23, 2026
6 checks passed
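
The lockfile checks listed in the test plan and the second commit message (no plain-crypto-js, axios at 1.15.1 exact, an override where axios is only transitive) can be run as one script. This is an added example, not code from the PR; the function names, `example-sdk` and the sample manifests are constructed for illustration.

```javascript
// Added example. Values below come from the PR text; sample manifests are constructed.
const PINNED = "1.15.1";                  // exact version the PR pins
const BAD_VERSIONS = ["1.14.1"];          // compromised release named in the PR
const BAD_PACKAGES = ["plain-crypto-js"]; // payload package named in the PR

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the text after the last "node_modules/" is the installed package name.
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// pkg = parsed package.json, lock = parsed package-lock.json.
function auditAxiosPin(pkg, lock) {
  const findings = [];
  const direct = { ...pkg.dependencies, ...pkg.devDependencies }.axios;
  const override = (pkg.overrides || {}).axios;
  // A caret range such as "^1.15.1" can float on the next re-resolve.
  if (direct !== undefined && direct !== PINNED)
    findings.push(`direct axios spec "${direct}" is not exact ${PINNED}`);
  let sawAxios = false;
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (name === null) continue; // root project or workspace entry
    if (BAD_PACKAGES.includes(name)) findings.push(`${path}: ${name} present`);
    if (name !== "axios") continue;
    sawAxios = true;
    if (BAD_VERSIONS.includes(meta.version))
      findings.push(`${path}: compromised axios ${meta.version}`);
    else if (meta.version !== PINNED)
      findings.push(`${path}: axios ${meta.version}, expected ${PINNED}`);
  }
  // Transitive-only axios stays pinned only through an exact override.
  if (sawAxios && direct === undefined && override !== PINNED)
    findings.push("transitive axios without an exact overrides entry");
  return findings;
}

// Constructed samples: one clean tree, one with the compromised release.
const cleanPkg = { dependencies: { axios: "1.15.1" } };
const cleanLock = { packages: { "": {}, "node_modules/axios": { version: "1.15.1" } } };
const badPkg = { dependencies: { "example-sdk": "^2.0.0" } }; // hypothetical parent
const badLock = { packages: {
  "": {},
  "node_modules/example-sdk/node_modules/axios": { version: "1.14.1" },
  "node_modules/plain-crypto-js": { version: "0.0.0" }, // constructed version
} };
console.log(auditAxiosPin(cleanPkg, cleanLock), auditAxiosPin(badPkg, badLock));
```

In real use, pass the parsed `package.json` and `package-lock.json` of each sub-package and fail CI when the returned list is non-empty.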