Skip to content

fix(security): patch transitive dependency vulnerabilities#76

Merged
lacerbi merged 2 commits into
mainfrom
dev
Mar 30, 2026
Merged

fix(security): patch transitive dependency vulnerabilities#76
lacerbi merged 2 commits into
mainfrom
dev

Conversation

@lacerbi

@lacerbi lacerbi commented Mar 30, 2026

Copy link
Copy Markdown
Owner

Summary

  • Ran npm audit fix to patch 9 transitive dependency vulnerabilities (ajv, brace-expansion, flatted, lodash, minimatch, webpack, yaml, and others)
  • Bumped version to 0.7.19
  • 38 remaining vulnerabilities are in @electron-forge/tar dependency chain with no fix currently available

Test plan

  • Verify npm audit shows reduced vulnerability count
  • Run npm test to confirm no regressions
  • Run npm run package to confirm build still works

🤖 Generated with Claude Code

lacerbi and others added 2 commits December 5, 2025 20:40
@lacerbi @claude
docs: update CHANGELOG for v0.7.18
039d596 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: lacerbi <luigi.acerbi@gmail.com>
@lacerbi @claude
fix(security): patch transitive dependency vulnerabilities
d8d3861 
Ran npm audit fix to address 9 vulnerabilities in transitive
dependencies (ajv, brace-expansion, flatted, lodash, minimatch,
webpack, yaml, and others). Bump version to 0.7.19.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: lacerbi <luigi.acerbi@gmail.com>
@lacerbi lacerbi merged commit db68da8 into main Mar 30, 2026
11 checks passed
@lacerbi lacerbi deleted the dev branch March 30, 2026 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lacerbi