fix: Update dependencies and fix security vulnerabilities #128

Merged: rdmueller merged 2 commits into LLM-Coding:main from raifdmueller:feature/update-dependencies on Mar 2, 2026
raifdmueller commented Mar 2, 2026 (Contributor)

Summary

  • Fix 4 security vulnerabilities via npm audit fix:
  • Update all outdated packages to latest versions:
    • tailwindcss & @tailwindcss/vite: 4.1.18 → 4.2.1
    • eslint: 10.0.0 → 10.0.2
    • jsdom: 28.0.0 → 28.1.0
    • @lhci/cli: 0.14.0 → 0.15.1
  • Fix broken doc-page test (was testing AsciiDoc URLs instead of pre-rendered HTML URLs)

Remaining: 4 low-severity vulnerabilities in transitive deps of @lhci/cli (tmp package) — requires upstream fix.

Test plan

  • All 70 unit tests pass
  • CI pipeline passes

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores

    • Several development dependencies updated to newer minor/patch versions and the pre-commit linter configuration extended to improve the consistency and security of the development environment.
  • Tests

    • Tests adapted to pre-rendered HTML output; expected paths/links and the rendering of the corresponding example references updated.
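
Added example (not part of this PR or the project's code): a small Node.js triage of `npm audit --json` output that separates findings that should fail CI from low-severity transitive ones deferred to an upstream fix, as with the tmp findings behind @lhci/cli described above. The sample report is constructed, `hypothetical-middle` is a made-up package name, and the `moderate` threshold is an assumption.

```javascript
// Severity order used in npm audit reports, lowest to highest.
const LEVELS = ["info", "low", "moderate", "high", "critical"];
// Unknown severities rank above "critical" so they fail closed.
const rank = (s) => (LEVELS.includes(s) ? LEVELS.indexOf(s) : LEVELS.length);

// String entries in `via` name other vulnerable packages; follow them down to
// the packages whose `via` holds the advisory objects themselves.
function rootCauses(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const roots = new Set();
  for (const v of vulns[name].via || []) {
    if (typeof v === "string") rootCauses(vulns, v, seen).forEach((r) => roots.add(r));
    else roots.add(name);
  }
  return [...roots];
}

// Split findings into those at or above `failAt` and those deferred.
function triage(report, failAt = "moderate") {
  const vulns = report.vulnerabilities || {};
  const out = { blocking: [], deferred: [] };
  for (const [name, v] of Object.entries(vulns)) {
    const entry = {
      name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      fixAvailable: Boolean(v.fixAvailable),
      roots: rootCauses(vulns, name),
    };
    (rank(v.severity) >= rank(failAt) ? out.blocking : out.deferred).push(entry);
  }
  return out;
}

// Constructed sample in the npm v7+ report shape (not output from this PR).
const adv = (name, severity) => ({ name, severity, title: "constructed advisory" });
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    "@lhci/cli": { severity: "low", isDirect: true, via: ["hypothetical-middle"], fixAvailable: false },
    "hypothetical-middle": { severity: "low", isDirect: false, via: ["tmp"], fixAvailable: false },
    tmp: { severity: "low", isDirect: false, via: [adv("tmp", "low")], fixAvailable: false },
    rollup: { severity: "high", isDirect: false, via: [adv("rollup", "high")], fixAvailable: true },
  },
};

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

In CI the report would come from `npm audit --json`, and a non-empty `blocking` list would fail the job while `deferred` entries are logged with their root packages for follow-up.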

coderabbitai Bot commented Mar 2, 2026 (Contributor)

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d4a0129 and 179629c.

📒 Files selected for processing (1)
  • .pre-commit-config.yaml

Walkthrough

The changes update several devDependencies in website/package.json, change the AsciiDoc linter args in .pre-commit-config.yaml, and adjust a test in website/src/components/doc-page.test.js so that it expects pre-rendered HTML content instead of AsciiDoc.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency updates: website/package.json | DevDependency version bumps: @lhci/cli, @tailwindcss/vite, eslint, jsdom, tailwindcss updated to newer patch/minor versions. |
| Test update: website/src/components/doc-page.test.js | Mock fetch response changed from AsciiDoc to pre-rendered HTML; expected paths and assertions adjusted to .html. |
| Pre-commit hook: .pre-commit-config.yaml | The asciidoc-linter hook receives the argument --config .asciidoc-linter.yml so that a specific linter config is loaded. |

Sequence Diagram(s)

(Section omitted: the changes do not introduce a new multi-component control flow, so there are no sequence diagrams.)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title partially describes the changes but focuses on dependency updates and security fixes, whereas the actual changes also include test fixes and configuration adjustments. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


- Fix 4 security vulnerabilities (critical: basic-ftp, high: rollup & minimatch, moderate: ajv)
- Update tailwindcss 4.1.18 → 4.2.1, @tailwindcss/vite 4.1.18 → 4.2.1
- Update eslint 10.0.0 → 10.0.2, jsdom 28.0.0 → 28.1.0
- Update @lhci/cli 0.14.0 → 0.15.1
- Fix doc-page test to match pre-rendered HTML implementation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
raifdmueller force-pushed the feature/update-dependencies branch from 43c82fe to d4a0129 on March 2, 2026 10:56

The .asciidoc-linter.yml disables WS001 (false positives for [discrete]
attributes), but the pre-commit hook was not passing --config, causing
all WS001 warnings to still appear.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rdmueller rdmueller merged commit b7e1b30 into LLM-Coding:main Mar 2, 2026
7 checks passed