Fix package vulnerabilities by Nisarg48 · Pull Request #1 · Benzinga/js-tools

Nisarg48 · 2026-02-17T14:06:31Z

This PR patches all flagged Vanta and Dependabot security vulnerabilities in the js-tools.

Updates Applied:

Updated direct dependencies (vitest) to their secure versions via the CLI.
Implemented NPM "overrides" to surgically update all transitive/hidden dependencies (form-data, axios, esbuild, glob, webpack, playwright, validator, jws, qs, koa, http-proxy-middleware, js-yaml, lodash, on-headers, tmp, vite) to clear Vanta alerts without forcing major version conflicts.
Resolved the V8_Fatal core dump error on GitHub Actions by increasing the runner's memory limit (NODE_OPTIONS: --max-old-space-size=6144 in ci.yml.
Added a "workspaces" array to the root package.json. This tells NPM how to link the internal libs/ packages together, which fixed the massive wave of ESLint plugin errors.
Explicitly added ajv as a dev dependency.

…ci memory.

Nisarg48 assigned appasahebs and Nisarg48 and unassigned appasahebs and Nisarg48 Feb 17, 2026

Nisarg48 added 5 commits February 19, 2026 15:34

chore(deps): upgrade packages to remove security vulnerabilities.

2d672de

fix: upgrade vulnerable packages to remove security issues

ece4498

chore: add package-lock.json to align with ci.yml.

6b7ee25

fix: configure npm workspaces, add missing ajv package, and increase …

63a42b4

…ci memory.

fix: resolve eslint plugin errors and configure npm workspaces.

e5c945c

Nisarg48 force-pushed the fix-package-vulnerabilities branch from a0d0401 to e5c945c Compare February 19, 2026 10:05

Nisarg48 requested review from appasahebs and gharia and removed request for appasahebs February 19, 2026 10:26

Provide feedback