Skip to content

fix(deps): npm audit fix — clear moderate+ advisories#4

Merged
BenSheridanEdwards merged 1 commit into
mainfrom
deps/npm-audit-fix
Jun 17, 2026
Merged

fix(deps): npm audit fix — clear moderate+ advisories#4
BenSheridanEdwards merged 1 commit into
mainfrom
deps/npm-audit-fix

Conversation

@BenSheridanEdwards

Copy link
Copy Markdown
Owner

Lockfile-only npm audit fix. Clears the high-severity vite advisories and the @babel/core file-read; one low esbuild advisory remains (major bump needed) but is below the verify gate's --audit-level=moderate. Unblocks the complexity-gate PR (#3). 🤖 Generated with Claude Code

Lockfile-only `npm audit fix`: resolves the high-severity vite advisories
(server.fs.deny bypass, launch-editor NTLM hash disclosure) and the @babel/core
sourceMappingURL file-read, bumping to patched transitive versions. One low-severity
esbuild advisory remains (needs a major bump); it's below the CI gate's
--audit-level=moderate, so `verify` goes green. Unblocks the complexity-gate PR.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

Copy link
Copy Markdown

Fallow audit report

Found 1 finding.

Details
Severity Rule Location Description
major fallow/unused-dependency packages/cli/package.json:17 Package '@galaxy-graph/core' is in dependencies but never imported; imported in other workspaces: examples/basic, packages/adapters

Generated by fallow.

@github-actions

Copy link
Copy Markdown

Fallow audit report

0 inline findings selected for GitHub review.

@BenSheridanEdwards BenSheridanEdwards merged commit fa84263 into main Jun 17, 2026
2 checks passed
@BenSheridanEdwards BenSheridanEdwards deleted the deps/npm-audit-fix branch June 17, 2026 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants