chore(deps): upgrade some security vulnerabilities #1100

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

mbbx6spp merged 1 commit into next from mbbx6spp/security-fixes

May 9, 2025

Contributor

mbbx6spp commented May 9, 2025 •

edited

Loading

[![PR App][icn]][demo]

🧰 Changes

This upgrades some of the vulnerable NPM dependencies and takes the project from:

34 vulnerabilities (3 low, 10 moderate, 21 high)

To:

16 vulnerabilities (1 moderate, 15 high)

Package upgrades include:

@babel/* packages: Upgraded from various 7.23–7.26.x versions to 7.27.x.
@esbuild/* and esbuild: Upgraded from 0.20.2 to 0.25.4 (and all platform-specific binaries).
@octokit/*: endpoint, openapi-types, plugin-paginate-rest, request, request-error, types all upgraded to newer major/minor versions.
@rollup/* and rollup: Upgraded from 4.14.2 to 4.40.2 (and all platform-specific binaries).
@vitejs/plugin-react: 4.2.1 → 4.4.1.
vite: 5.2.8 → 6.3.5.
axios: 1.7.7 → 1.9.0.
body-parser: 1.20.2 → 1.20.3.
browserslist: 4.23.0 → 4.24.5.
caniuse-lite: 1.0.30001609 → 1.0.30001717.
cookie: 0.6.0 → 0.7.1.
cross-spawn: 7.0.3 → 7.0.6.
electron-to-chromium: 1.4.735 → 1.5.151.
encodeurl: 1.0.2 → 2.0.0.
express: 4.19.2 → 4.21.2.
finalhandler: 1.2.0 → 1.3.1.
http-proxy-middleware: 2.0.6 → 2.0.9.
jiti: 1.17.1 → 2.4.2.
jsesc: 2.5.2 → 3.1.0.
katex: 0.16.11 → 0.16.22.
merge-descriptors: 1.0.1 → 1.0.3.
node-releases: 2.0.14 → 2.0.19.
path-to-regexp: 0.1.7 → 0.1.12.
qs: 6.11.0 → 6.13.0.
react-refresh: 0.14.0 → 0.17.0.
send: 0.18.0 → 0.19.0.
serve-static: 1.15.0 → 1.16.2.
tinyglobby: 0.2.10 → 0.2.13.
ws: 8.16.0 → 8.18.2.

Other notable changes:

Many dependencies now include explicit "license" fields.
Some dependencies have updated or added peer/optional dependencies.
Some deprecated packages (like trim) were moved or restructured.

My one regret:

I haven't yet upgraded the version of remark-parse that still uses the deprecated package trim yet. Perhaps in a subsequent pull request.

🧬 QA & Testing


          chore(deps): upgrade some security vulnerabilities

3c70e62

llimllib approved these changes

View reviewed changes

davinhazard approved these changes

View reviewed changes

mbbx6spp merged commit 93363c0 into next

14 checks passed

mbbx6spp deleted the mbbx6spp/security-fixes branch

May 9, 2025 15:59

rafegoldberg pushed a commit that referenced this pull request


          build(release): 🚀 v9.3.3 🦉

76cfb49

## Version 9.3.3
### 🛠 Fixes & Updates

* **deps:** bump estree-util-value-to-estree from 3.3.3 to 3.4.0 ([#1103](#1103)) ([0c11f0d](0c11f0d))
* **deps:** bump remark-gfm from 4.0.0 to 4.0.1 ([#1102](#1102)) ([d1476af](d1476af)), closes [remarkjs/remark-gfm#73](remarkjs/remark-gfm#73)
* **deps:** bump tailwindcss from 4.1.5 to 4.1.6 ([#1101](#1101)) ([225a669](225a669)), closes [#17831](https://github.com/readmeio/markdown/issues/17831) [#17854](https://github.com/readmeio/markdown/issues/17854) [#17898](https://github.com/readmeio/markdown/issues/17898) [#17906](https://github.com/readmeio/markdown/issues/17906) [#17952](https://github.com/readmeio/markdown/issues/17952) [#17775](https://github.com/readmeio/markdown/issues/17775) [#17831](https://github.com/readmeio/markdown/issues/17831) [#17846](https://github.com/readmeio/markdown/issues/17846) [#17836](https://github.com/readmeio/markdown/issues/17836) [#17889](https://github.com/readmeio/markdown/issues/17889) [#17906](https://github.com/readmeio/markdown/issues/17906) [#17925](https://github.com/readmeio/markdown/issues/17925) [#17929](https://github.com/readmeio/markdown/issues/17929) [#17831](https://github.com/readmeio/markdown/issues/17831) [#17854](https://github.com/readmeio/markdown/issues/17854) [#17898](https://github.com/readmeio/markdown/issues/17898) [#17906](https://github.com/readmeio/markdown/issues/17906) [#17952](https://github.com/readmeio/markdown/issues/17952) [#17775](https://github.com/readmeio/markdown/issues/17775) [#17831](https://github.com/readmeio/markdown/issues/17831) [#17846](https://github.com/readmeio/markdown/issues/17846) [#17836](https://github.com/readmeio/markdown/issues/17836) [#17889](https://github.com/readmeio/markdown/issues/17889) [#17906](https://github.com/readmeio/markdown/issues/17906) [#17925](https://github.com/readmeio/markdown/issues/17925) [#17929](https://github.com/readmeio/markdown/issues/17929) [#17951](https://github.com/readmeio/markdown/issues/17951) [#17775](https://github.com/readmeio/markdown/issues/17775) [#17924](https://github.com/readmeio/markdown/issues/17924) [#17925](https://github.com/readmeio/markdown/issues/17925) [#17889](https://github.com/readmeio/markdown/issues/17889) [#17836](https://github.com/readmeio/markdown/issues/17836) [#17831](https://github.com/readmeio/markdown/issues/17831)
* try and fix types ([#1104](#1104)) ([df2e5b1](df2e5b1))
* **deps:** upgrade some security vulnerabilities ([#1100](#1100)) ([93363c0](93363c0))

<!--SKIP CI-->

Contributor

rafegoldberg commented May 13, 2025

This PR was released!

🚀 Changes included in v9.3.3

rafegoldberg added the released label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels