
fix: resolve npm audit advisories #40

Closed
newmattock wants to merge 1 commit into eliottreich:main from newmattock:codex/resolve-npm-audit

@newmattock
Contributor

Summary

  • refresh vulnerable transitive dependency resolutions in package-lock.json
  • update express-rate-limit, hono, and ip-address to patched versions within the current dependency ranges
  • leave package.json dependency ranges unchanged

Why

The current lockfile resolves to versions flagged by npm audit with three moderate advisories. Refreshing the lockfile removes those audit findings without changing declared dependency ranges.

Fixes #17.

Validation

  • npm audit
  • npm test
  • npm run build
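
A reviewer-side check for the kind of lockfile-only refresh described above, as an added example that is not part of the pull request or the project's code: it compares two parsed `package-lock.json` objects, confirms the root dependency ranges did not move, and lists every resolved version that changed. It assumes npm's lockfileVersion 2 or 3 layout (a top-level `packages` map); the function names and the sample version numbers are constructed for illustration.

```javascript
// Added example: review helper for a lockfile-only dependency refresh.
// Assumes npm lockfileVersion 2/3, where "packages" maps install paths to entries.
const RANGE_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Compare dotted numeric versions; pre-release and build suffixes are ignored.
const parse = (v) => String(v || "0").split(/[-+]/)[0].split(".").map(Number);
function cmpVersion(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Order-insensitive fingerprint of a { name: range } map.
const norm = (o) => JSON.stringify(Object.entries(o || {}).sort());

function lockfileDelta(before, after) {
  const delta = { rangesChanged: [], upgraded: [], downgraded: [], added: [], removed: [] };
  // The "" entry mirrors package.json; a lockfile-only fix must leave its ranges alone.
  const rootB = before.packages[""] || {}, rootA = after.packages[""] || {};
  for (const f of RANGE_FIELDS) {
    if (norm(rootB[f]) !== norm(rootA[f])) delta.rangesChanged.push(f);
  }
  const paths = new Set([...Object.keys(before.packages), ...Object.keys(after.packages)]);
  for (const p of paths) {
    if (p === "") continue;
    const b = before.packages[p], a = after.packages[p];
    if (!b) delta.added.push(p);
    else if (!a) delta.removed.push(p);
    else if (b.version !== a.version) {
      const entry = { path: p, from: b.version, to: a.version };
      (cmpVersion(b.version, a.version) < 0 ? delta.upgraded : delta.downgraded).push(entry);
    }
  }
  return delta;
}

// Constructed sample lockfiles; the version numbers are placeholders, not real releases.
const BEFORE = { packages: {
  "": { dependencies: { "express-rate-limit": "^1.0.0", hono: "^1.0.0" } },
  "node_modules/express-rate-limit": { version: "1.0.0" },
  "node_modules/hono": { version: "1.2.0" },
  "node_modules/ip-address": { version: "1.0.3" },
} };
const AFTER = { packages: { ...BEFORE.packages,
  "node_modules/express-rate-limit": { version: "1.0.1" },
  "node_modules/hono": { version: "1.2.1" },
  "node_modules/ip-address": { version: "1.0.4" },
} };
console.log(lockfileDelta(BEFORE, AFTER));
```

Any entry under `rangesChanged`, `downgraded`, `added` or `removed` is a change beyond a pure refresh and deserves a closer look before merging.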

@newmattock newmattock force-pushed the codex/resolve-npm-audit branch from f7e5e98 to e1eb198 Compare May 18, 2026 20:55
@eliottreich
Owner

Closing this competing submission. The TaskBounty bounty was awarded to another submission; the winning PR has been merged. Thanks for the attempt — find other open bounties at https://www.task-bounty.com/browse.

Successfully merging this pull request may close these issues.

Resolve 3 moderate npm audit advisories in transitive deps