chore(deps): upgrading out of date deps + resolving npm audit #1466

Merged: erunion merged 4 commits into next from chore/outdated-deps on May 13, 2026

erunion (Member) commented May 13, 2026

🧰 Changes

npm outdated

Before

Package                                 Current   Wanted   Latest  Location                                             Depended by
@commitlint/cli                          20.5.3   20.5.3   21.0.1  node_modules/@commitlint/cli                         rdme
@commitlint/config-conventional          20.5.3   20.5.3   21.0.1  node_modules/@commitlint/config-conventional         rdme
@oclif/core                              4.11.0   4.11.2   4.11.2  node_modules/@oclif/core                             rdme
@oclif/plugin-autocomplete               3.2.47   3.2.49   3.2.49  node_modules/@oclif/plugin-autocomplete              rdme
@oclif/plugin-help                       6.2.46   6.2.48   6.2.48  node_modules/@oclif/plugin-help                      rdme
@oclif/plugin-plugins                    5.4.64   5.4.67   5.4.67  node_modules/@oclif/plugin-plugins                   rdme
@oclif/plugin-warn-if-update-available   3.1.62   3.1.64   3.1.64  node_modules/@oclif/plugin-warn-if-update-available  rdme
@readme/oxlint-config                     1.2.0    1.3.1    1.3.1  node_modules/@readme/oxlint-config                   rdme
@vitest/coverage-v8                       4.1.5    4.1.6    4.1.6  node_modules/@vitest/coverage-v8                     rdme
@vitest/expect                            4.1.5    4.1.6    4.1.6  node_modules/@vitest/expect                          rdme
configstore                               7.1.0    7.1.0    8.0.0  node_modules/configstore                             rdme
knip                                     6.12.0   6.13.1   6.13.1  node_modules/knip                                    rdme
nock                                    14.0.14  14.0.15  14.0.15  node_modules/nock                                    rdme
oas                                      33.0.0   33.1.4   33.1.4  node_modules/oas                                     rdme
oxfmt                                    0.48.0   0.48.0   0.49.0  node_modules/oxfmt                                   rdme
oxlint                                   1.63.0   1.64.0   1.64.0  node_modules/oxlint                                  rdme
semver                                    7.7.4    7.8.0    7.8.0  node_modules/semver                                  rdme
undici                                   6.25.0   6.25.0    8.2.0  node_modules/undici                                  rdme
vitest                                    4.1.5    4.1.6    4.1.6  node_modules/vitest                                  rdme

After

Package                          Current  Wanted  Latest  Location                                      Depended by
@commitlint/cli                   20.5.3  20.5.3  21.0.1  node_modules/@commitlint/cli                  rdme
@commitlint/config-conventional   20.5.3  20.5.3  21.0.1  node_modules/@commitlint/config-conventional  rdme
configstore                        7.1.0   7.1.0   8.0.0  node_modules/configstore                      rdme
undici                            6.25.0  6.25.0   8.2.0  node_modules/undici                           rdme

npm audit

https://github.com/readmeio/rdme/security/dependabot/112
https://github.com/readmeio/rdme/security/dependabot/113
https://github.com/readmeio/rdme/security/dependabot/111
https://github.com/readmeio/rdme/security/dependabot/110

Before

fast-uri  <=3.1.1
Severity: high
fast-uri vulnerable to path traversal via percent-encoded dot segments - https://github.com/advisories/GHSA-q3j6-qgpj-74h6
fast-uri vulnerable to host confusion via percent-encoded authority delimiters - https://github.com/advisories/GHSA-v39h-62p7-jpjc
fix available via `npm audit fix`
node_modules/fast-uri

fast-xml-builder  <=1.1.6
Severity: high
fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes - https://github.com/advisories/GHSA-5wm8-gmm8-39j9
fast-xml-builder Comment Value regex can be bypassed - https://github.com/advisories/GHSA-45c6-75p6-83cc
fix available via `npm audit fix`
node_modules/fast-xml-builder

2 high severity vulnerabilities

After

found 0 vulnerabilities

erunion added the dependencies label (Pull requests that update a dependency file) May 13, 2026
erunion changed the title from "chore(deps): ugprading out of date deps" to "chore(deps): upgrading out of date deps + resolving npm audit" May 13, 2026
erunion marked this pull request as ready for review May 13, 2026 16:49
erunion merged commit ffd161a into next May 13, 2026
9 checks passed
erunion deleted the chore/outdated-deps branch May 13, 2026 16:50
erunion (Member, Author) commented May 13, 2026

🎉 This PR is included in version 10.8.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
