chore: update dependencies#55
Merged
Merged
Conversation
- bump @e4a/pg-js ^0.10.0 → ^1.3.0 - npm audit fix (resolves uuid GHSA-w5hq-g745-h8pq) Closes #54
rubenhensen
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #54.
Changes
@e4a/pg-jsfrom^0.10.0to^1.3.0(major bump). It is adevDependencyonly — present for IDE/type resolution against snippet imports, not bundled or imported by VitePress at build time, so the major bump has no runtime impact on the docs site itself. Markdown snippet imports remain pinned to upstream commit hashes per the source-link convention and were not modified.npm audit fix(non-force): resolvesuuidGHSA-w5hq-g745-h8pq (5 → 4 moderate findings).Skipped (documented per issue instructions)
The remaining 4 moderate findings all stem from the
esbuild → vite → vitepress → vitepress-plugin-mermaidchain (GHSA-67mh-4wv8-2f99).npm auditreports no fix available — VitePress 1.6.4 is the latest 1.x release. The advisory affects the dev server only, not the static build deployed to production. Skipped rather than running--force.Verification
npm installcleannpm run docs:buildsucceeds (~5.6s, same output structure)npm audit: 5 → 4 moderate, 0 high/criticalReviewer quickstart