Discovered while fixing #1339 (PR #1343): the "Security Scanning" job in CI - Build & Test also runs npm audit on the frontend, which fails with multiple advisories independent of the Go-side govulncheck failure (which #1343 resolves via the pgx bump). Current highlights from run 28664972267: @babel/plugin-transform-modules-systemjs (high, GHSA-fv7c-fp4j-7gwp), fast-uri path traversal (high), flatted unbounded recursion (high), ajv ReDoS (moderate), brace-expansion (moderate), @tootallnate/once, and more - most flagged "fix available via npm audit fix".
Fix for real per the no-masking-CI-debt directive: run npm audit fix (no --force without reviewing breaking bumps), verify typecheck/build/tests, and handle any advisories that need manual major bumps individually. Until this lands, Security Scanning stays red even after #1343.
Discovered while fixing #1339 (PR #1343): the "Security Scanning" job in CI - Build & Test also runs
npm auditon the frontend, which fails with multiple advisories independent of the Go-side govulncheck failure (which #1343 resolves via the pgx bump). Current highlights from run 28664972267: @babel/plugin-transform-modules-systemjs (high, GHSA-fv7c-fp4j-7gwp), fast-uri path traversal (high), flatted unbounded recursion (high), ajv ReDoS (moderate), brace-expansion (moderate), @tootallnate/once, and more - most flagged "fix available via npm audit fix".Fix for real per the no-masking-CI-debt directive: run
npm audit fix(no --force without reviewing breaking bumps), verify typecheck/build/tests, and handle any advisories that need manual major bumps individually. Until this lands, Security Scanning stays red even after #1343.