Fix dependency vulnerabilities #11

Merged
madebydia merged 3 commits into main from fix-dependabot-vulnerabilities on Jun 8, 2026

@madebydia

Owner

Summary

  • remove unused ESLint tooling and config to reduce dependency surface
  • pin remaining runtime/build dependencies to exact versions
  • regenerate package-lock with 38 locked packages instead of 201
  • add .npmrc with ignore-scripts=true
  • add Node 20/22 build CI using npm ci --ignore-scripts

Verification

  • queried OSV for the regenerated lockfile: 0 reported vulnerabilities
  • checked direct dependency deprecation status: none reported
  • checked package.json/package-lock direct dependency consistency
  • checked lockfile install-script metadata

Note: local npm is intentionally unavailable on this Mac, so build verification is delegated to the new GitHub Actions workflow.

madebydia merged commit 5940fa8 into main on Jun 8, 2026
2 checks passed
madebydia deleted the fix-dependabot-vulnerabilities branch June 8, 2026 12:52
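
As an added illustration of the pinning, consistency and install-script checks listed under Verification (this is not code from the pull request): a Node.js check over a `lockfileVersion: 3` lockfile that reports unpinned direct dependencies, versions that disagree with the lockfile, and entries flagged `hasInstallScript`. The package names, versions and the `auditLock` helper are constructed for the example.

```javascript
// Constructed sample manifests; names and versions are invented for illustration.
const samplePkg = {
  dependencies: { "left-lib": "1.4.2", "range-lib": "^2.0.0" },
  devDependencies: { "build-tool": "5.1.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/left-lib": { version: "1.4.2" },
    "node_modules/range-lib": { version: "2.3.1" },
    "node_modules/build-tool": { version: "5.0.9", dev: true },
    "node_modules/native-helper": { version: "0.9.0", hasInstallScript: true },
  },
};

// An exact pin is a bare semver version: no ^, ~, ranges, tags, or URLs.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// auditLock is a hypothetical helper written for this example, not part of npm.
function auditLock(pkg, lock) {
  const findings = [];
  const direct = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, spec] of Object.entries(direct)) {
    const entry = lock.packages[`node_modules/${name}`];
    if (!EXACT.test(spec)) {
      findings.push({ rule: "not-pinned", name, detail: spec });
    } else if (!entry) {
      findings.push({ rule: "missing-from-lock", name, detail: spec });
    } else if (entry.version !== spec) {
      findings.push({ rule: "lock-mismatch", name, detail: `${spec} != ${entry.version}` });
    }
  }
  let lockedPackages = 0;
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    lockedPackages += 1;
    // npm sets hasInstallScript on packages that declare install-time lifecycle scripts.
    if (entry.hasInstallScript) {
      const name = path.split("node_modules/").pop();
      findings.push({ rule: "install-script", name, detail: entry.version });
    }
  }
  return { lockedPackages, findings };
}

console.log(auditLock(samplePkg, sampleLock));
```

With `ignore-scripts=true` the lifecycle scripts of a flagged package are skipped at install time, so each `install-script` finding marks a package whose build step is worth reviewing.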