
Fix: Apply non-breaking npm audit fixes #274

Open
tykeal wants to merge 1 commit into dcoapp:main from tykeal:chore/npm-audit-fix

tykeal commented Jun 30, 2026 (Contributor)

Summary

  • Applied npm audit fix without --force.
  • Updated package-lock.json transitive dependency versions only.
  • Left breaking major upgrades out of scope.

Audit counts

  • Before: 55 vulnerabilities (18 low, 23 moderate, 12 high, 2 critical)
  • After: 26 vulnerabilities (9 low, 17 moderate, 0 high, 0 critical)

Remaining major-only advisories

All remaining fixes require npm audit fix --force and breaking upgrades to probot@14.3.2 or jest@30.4.2:

Validation

  • npm ci
  • npm test on Node v24.18.0 via npx -p node@24

Closes #259

Applied npm audit fix without --force.

Updated transitive dependency versions in package-lock.json.

Audit counts drop from 55 vulnerabilities:

- before: 18 low, 23 moderate, 12 high, 2 critical

- after: 9 low, 17 moderate, 0 high, 0 critical

Remaining advisories require breaking major upgrades to:

- probot 14.3.2

- jest 30.4.2

Closes dcoapp#259

Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
@tykeal tykeal requested review from a team and Copilot June 30, 2026 15:52
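
An added example (not code from this pull request or the dcoapp repository): one way to check the description's claims against an `npm audit --json` report, confirming that no high or critical findings remain, that no fix a plain `npm audit fix` would apply was left behind, and which upgrade targets the remaining findings depend on. The function names and the sample report are assumptions constructed for illustration; only the probot and jest versions come from the PR description.

```javascript
// Added example, not code from the dcoapp repository.
// Input shape: `npm audit --json` report (auditReportVersion 2), where each
// entry's fixAvailable is true, false, or { name, version, isSemVerMajor }.
function triage(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  const pending = []; // fixable by a plain `npm audit fix`
  const forced = {};  // "name@version" -> packages whose fix needs --force
  const noFix = [];   // no fixed release available
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    if (!Object.prototype.hasOwnProperty.call(counts, vuln.severity)) {
      throw new Error(`unknown severity for ${pkg}`);
    }
    counts[vuln.severity] += 1;
    const fix = vuln.fixAvailable;
    if (fix === true) pending.push(pkg);
    else if (fix && typeof fix === "object") {
      const target = `${fix.name}@${fix.version}`;
      forced[target] = forced[target] || { breaking: Boolean(fix.isSemVerMajor), packages: [] };
      forced[target].packages.push(pkg);
    } else noFix.push(pkg);
  }
  return { counts, pending, forced, noFix };
}

// Passes only when nothing at a blocked severity remains and no
// non-breaking fix was left unapplied.
function gate(report, blocked = ["high", "critical"]) {
  const t = triage(report);
  const problems = [];
  for (const sev of blocked) {
    if (t.counts[sev] > 0) problems.push(`${t.counts[sev]} ${sev} remaining`);
  }
  if (t.pending.length > 0) problems.push(`unapplied non-breaking fixes: ${t.pending.join(", ")}`);
  return { ok: problems.length === 0, problems, forcedTargets: Object.keys(t.forced).sort(), noFix: t.noFix };
}

// Constructed sample: package names are placeholders; the two upgrade
// targets are the ones the PR description names.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-dep-a": { severity: "moderate", fixAvailable: { name: "probot", version: "14.3.2", isSemVerMajor: true } },
    "example-dep-b": { severity: "low", fixAvailable: { name: "jest", version: "30.4.2", isSemVerMajor: true } },
    "example-dep-c": { severity: "moderate", fixAvailable: { name: "jest", version: "30.4.2", isSemVerMajor: true } },
  },
};

console.log(gate(SAMPLE));
```

In CI the report would come from `npm audit --json` run against the updated lockfile, with a non-empty `problems` list failing the job.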

vercel Bot commented Jun 30, 2026


@tykeal is attempting to deploy a commit to the DCO App Team on Vercel.

A member of the Team first needs to authorize it.

Copilot AI left a comment


Copilot wasn't able to review any files in this pull request.




vercel Bot commented Jun 30, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| app | Ready | Preview, Comment | Jun 30, 2026 4:23pm |
