Skip to content

fix: resolve dependency vulnerabilities and add audit CI#6

Merged
ben-miru merged 2 commits intomainfrom
vulnerabilities
Mar 23, 2026
Merged

fix: resolve dependency vulnerabilities and add audit CI#6
ben-miru merged 2 commits intomainfrom
vulnerabilities

Conversation

@ben-miru
Copy link
Copy Markdown
Contributor

@ben-miru ben-miru commented Mar 23, 2026

Summary

  • Bump eslint (9→10), eslint-plugin-mdx (3.6→3.7), mint (4.2.188→4.2.446) to pick up security fixes
  • Add pnpm overrides to pin vulnerable transitive dependencies to patched versions
  • Suppress 7 CVEs with no available fix via auditConfig.ignoreCves
  • Add scripts/audit.sh and a new audit CI job to catch future vulnerabilities on every PR

Test plan

  • pnpm audit passes locally with no actionable findings
  • Lint CI job still passes after eslint major bump
  • New audit CI job runs and passes on this PR

🤖 Generated with Claude Code

ben-miru and others added 2 commits March 23, 2026 13:19
@ben-miru @claude
build: bump deps and pin overrides to resolve vulnerabilities
4c3a629 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ben-miru @claude
ci: add security audit pipeline
60d1abb 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@ben-miru ben-miru merged commit 3d8fb78 into main Mar 23, 2026
2 checks passed
@ben-miru ben-miru deleted the vulnerabilities branch March 23, 2026 20:21
@mintlify
Copy link
Copy Markdown
Contributor

mintlify bot commented Mar 23, 2026
edited
Loading

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
miru 🔴 Failed Mar 23, 2026, 8:30 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ben-miru