
Fix security vulnerabilities by upgrading dependencies #135

Merged
tbroadley merged 6 commits into master from fix-security-vulnerabilities
Mar 6, 2026

@tbroadley
Owner

Summary

  • Fixes all 25 security vulnerabilities (5 Low, 4 Moderate, 16 High) by upgrading dependencies
  • Upgrades all packages to their latest versions
  • Adds yarn resolutions to force patched versions of transitive dependencies (diff >=8.0.3, serialize-javascript >=7.0.3)
  • Updates code to handle breaking changes from major version upgrades

Changes

  • chai (v4 → v6): Updated imports to use import * as chai
  • globby (v11 → v16): Changed to named import
  • dictionary packages (v3 → v4): Updated Dictionary type from callback-based to object-based API
  • unist-util-visit (v1 → v5): Changed to named import
  • vfile (v3 → v6): Updated to use new VFile() constructor
  • vfile-reporter (v6 → v8): Updated import for VFileMessage
  • Updated test expectations to match new message formats from upgraded packages

Test plan

  • All 101 tests passing
  • `yarn audit` reports 0 vulnerabilities
  • CLI functions correctly with upgraded packages
  • Breaking changes from major version upgrades properly handled

🤖 Generated with Claude Code

tbroadley and others added 6 commits March 5, 2026 20:39
Upgrades all packages to latest versions and adds resolutions for transitive dependencies (diff, serialize-javascript) to fix 25 security vulnerabilities (5 Low, 4 Moderate, 16 High). Updates code and tests to handle breaking changes from major version upgrades of chai, globby, vfile, unist-util-visit, and dictionary packages.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Create new eslint.config.js using flat config format
- Add @eslint/js and globals dependencies
- Remove incompatible import plugin rules (not yet compatible with ESLint 10)
- Configure ignore patterns for unused variables with underscore prefix
- Fix unused variable and type declaration issues
- All tests and linting now passing
@tbroadley tbroadley merged commit 194466d into master Mar 6, 2026
6 checks passed
@tbroadley tbroadley deleted the fix-security-vulnerabilities branch March 6, 2026 05:03
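
The summary relies on yarn resolutions to force diff >=8.0.3 and serialize-javascript >=7.0.3 for transitive dependencies. The following added example, which is not code from this pull request, checks a lockfile against those two floors. It assumes the Yarn classic (v1) `yarn.lock` format; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the PR). Assumes Yarn classic (v1) yarn.lock; floors from the PR summary.
const FLOORS = { diff: "8.0.3", "serialize-javascript": "7.0.3" };

// Compare x.y.z versions numerically; prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Parse lockfile text into [{ name, specs, version }] (hypothetical helper).
function parseLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Entry header: comma-separated "name@range" keys, each possibly quoted.
      const specs = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // lastIndexOf keeps the leading "@" of scoped package names.
      current = { name: specs[0].slice(0, specs[0].lastIndexOf("@")), specs, version: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^  version "([^"]+)"$/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Return locked entries of floored packages whose version is below the floor.
function findBelowFloor(lockText, floors = FLOORS) {
  return parseLock(lockText)
    .filter((e) => Object.hasOwn(floors, e.name) && e.version !== null)
    .filter((e) => compareVersions(e.version, floors[e.name]) < 0)
    .map((e) => ({ name: e.name, version: e.version, floor: floors[e.name], specs: e.specs }));
}

// Constructed sample: diff honours the resolution, serialize-javascript does not.
const SAMPLE_LOCK = [
  "# yarn lockfile v1", "",
  "diff@^5.2.0, diff@^8.0.3:", '  version "8.0.3"', "",
  "serialize-javascript@^6.0.2:", '  version "6.0.2"', "",
  '"@types/diff@^7.0.0":', '  version "7.0.2"', "",
].join("\n");
console.log(findBelowFloor(SAMPLE_LOCK));
```

An empty result means every locked copy of the two packages meets its floor, which makes the check usable as a CI gate alongside `yarn audit`.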