Skip to content

Add automated dependency vulnerability scanning#138

Merged
kaviththiranga merged 2 commits into
mainfrom
add-dependabot
Nov 28, 2025
Merged

Add automated dependency vulnerability scanning#138
kaviththiranga merged 2 commits into
mainfrom
add-dependabot

Conversation

@kaviththiranga

Copy link
Copy Markdown
Contributor
  • Add Dependabot configuration for security-only updates
  • Add security audit step to PR workflow (fails on high/critical)

  - Add Dependabot configuration for security-only updates
  - Add security audit step to PR workflow (fails on high/critical)
npm audit fix --force
npm warn using --force Recommended protections disabled.
npm warn audit Updating @docusaurus/core to 3.9.2, which is outside your stated dependency range.

added 13 packages, removed 291 packages, changed 73 packages, and audited 1307 packages in 31s

402 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

Ran it in force mode to bump the versions out of preferred patch range
Tested and works fine.
@kaviththiranga kaviththiranga merged commit e4c2e00 into main Nov 28, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants