Skip to content

chore: refresh lockfile to clear pnpm audit findings#20

Merged
BenKalsky merged 1 commit into
mainfrom
chore/audit-refresh
Jul 2, 2026
Merged

chore: refresh lockfile to clear pnpm audit findings#20
BenKalsky merged 1 commit into
mainfrom
chore/audit-refresh

Conversation

@BenKalsky

Copy link
Copy Markdown
Member

Why

pnpm audit reported 2 findings (1 high, 1 moderate), both in vitest's transitive vite@8.0.10: server.fs.deny bypass on Windows and launch-editor NTLMv2 hash disclosure, both patched in vite 8.0.16.

Changes

Lockfile regeneration only — resolves vite 8.1.3 / vitest 4.1.9. No package.json changes; the package still has zero runtime dependencies.

Verification

pnpm audit clean, pnpm typecheck, pnpm test (29/29), pnpm build — all green.

🤖 Generated with Claude Code

The stale lockfile held vitest's transitive vite at a version with two
advisories (fs.deny bypass on Windows, launch-editor NTLMv2 disclosure
— both patched in 8.0.16). Regenerating resolves vite 8.1.3; pnpm audit
is now clean. Dev dependencies only, no runtime deps exist.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@BenKalsky BenKalsky merged commit dadb82c into main Jul 2, 2026
5 checks passed
@BenKalsky BenKalsky deleted the chore/audit-refresh branch July 2, 2026 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant