Skip to content

Fix dependabot vulnerabilities#49

Merged
ddbruce merged 3 commits into
mainfrom
fix/dependabot-vulns
Jul 5, 2026
Merged

Fix dependabot vulnerabilities#49
ddbruce merged 3 commits into
mainfrom
fix/dependabot-vulns

Conversation

@ddbruce

@ddbruce ddbruce commented Jul 5, 2026

Copy link
Copy Markdown
Member

Remove npm from dependencies (accidentally added in a prior fix; not used by the app, pulled in npm's bundled tree accounting for 8 advisories), and apply npm audit fix for form-data (CRLF injection) and qs (DoS).

npm audit now reports 0 vulnerabilities.

ddbruce and others added 3 commits July 5, 2026 15:29
Remove `npm` from dependencies (accidentally added in a prior fix; not
used by the app, pulled in npm's bundled tree accounting for 8 advisories),
and apply npm audit fix for form-data (CRLF injection) and qs (DoS).

npm audit now reports 0 vulnerabilities.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@ddbruce ddbruce merged commit ad2a47d into main Jul 5, 2026
1 check passed
@ddbruce ddbruce deleted the fix/dependabot-vulns branch July 5, 2026 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant