Skip to content

chore(deps): update dependencies #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
llbbl merged 1 commit into from
Jan 23, 2026
Merged

chore(deps): update dependencies #17

llbbl merged 1 commit into from
Jan 23, 2026

Conversation

@llbbl
Copy link
Owner

@llbbl llbbl commented Jan 23, 2026

Summary

  • Fixed 7 security vulnerabilities (5 high, 2 moderate)
  • Updated 17 packages (patch + minor updates)
  • 1 remaining moderate vulnerability requires vitest 4.x major upgrade

Security Fixes

  • astro 5.16.15: Fixes devalue DoS, h3 request smuggling, and diff DoS vulnerabilities
  • @tailwindcss/vite 4.1.18: Fixes tar package vulnerabilities

Package Updates

Patch Updates

  • @astrojs/node
  • @astrojs/react
  • @biomejs/biome
  • @testing-library/react
  • @types/react
  • @types/react-dom
  • react
  • react-dom
  • tailwindcss

Minor Updates

  • astro (major security fixes)
  • happy-dom
  • openai
  • tailwind-merge
  • winston
  • @libsql/client
  • lucide-react

Vulnerability Status

  • Before: 8 vulnerabilities (5 high, 2 moderate, 1 low)
  • After: 1 moderate vulnerability (requires vitest 4.x major upgrade)

Test Plan

  • Dependencies installed successfully
  • Run pnpm test to verify all tests pass
  • Run pnpm dev to verify dev server works
  • Run pnpm build to verify production build works
  • Verify search functionality works correctly

Generated with Claude Code

@llbbl
chore(deps): update dependencies
79a4967 
Security fixes:
- astro 5.16.15 (fixes devalue DoS, h3 request smuggling, diff DoS)
- @tailwindcss/vite 4.1.18 (fixes tar vulnerabilities)

Patch updates:
- @astrojs/node, @astrojs/react, @biomejs/biome
- @testing-library/react, @types/react, @types/react-dom
- react, react-dom, tailwindcss

Minor updates:
- astro, happy-dom, openai, tailwind-merge, winston
- @libsql/client, lucide-react

Reduces security vulnerabilities from 8 to 1.
@llbbl llbbl merged commit ac576bf into main Jan 23, 2026
2 checks passed
@llbbl llbbl deleted the deps/update-packages branch January 23, 2026 23:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@llbbl