Modernize dependencies and fix vulnerabilities #306
Open
ehuelsmann wants to merge 313 commits into
…b251156d90 chore(deps-dev): bump express and @types/express
Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest). These dependencies needed to be updated together. Updates `jest` from 29.7.0 to 30.3.0 - [Release notes](https://github.com/jestjs/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/jestjs/jest/commits/v30.3.0/packages/jest) Updates `@types/jest` from 29.5.14 to 30.0.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: jest dependency-version: 30.3.0 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/jest" dependency-version: 30.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
… fix CI syntax errors Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/969585e6-21b1-4ad8-aa06-ec42daf412af Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…d4eba38f0e chore(deps-dev): bump jest and @types/jest
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 24.1.0 to 29.15.2. - [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases) - [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md) - [Commits](jest-community/eslint-plugin-jest@v24.1.0...v29.15.2) --- updated-dependencies: - dependency-name: eslint-plugin-jest dependency-version: 29.15.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a568a0e-11b8-4e57-b3b3-2c3f77f8f9f2 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e and disable jest/require-hook Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/c9a78299-f413-4406-b4e9-8dc2726fce4d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-plugin-jest-29.15.2 chore(deps-dev): bump eslint-plugin-jest from 24.1.0 to 29.15.2
…nse-validator Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/bb0917d3-a120-4b5c-ab36-674a6e39b0d6 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ullish coalescing Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/6bb60f01-b6bf-43d6-8790-f5a5dd53275f Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e-validator-patch Remove stale openapi-response-validator v9 patch (dependency now on v12)
…ructions Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8461a199-2928-4262-83df-576c0ecbbb6d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ible to Node Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8461a199-2928-4262-83df-576c0ecbbb6d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/5f5bd44a-5ee4-4be9-8fbf-a85bc4b712a4 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/120991e6-2336-4a24-9b67-65208af2efed Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…lic access Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/deeb2558-e3f8-4456-a4f0-658acbe9dc25 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…kflow-for-packages Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Bump version to 0.15.0
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/53f20a24-68eb-431f-b8b5-a90ea152ce0e Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries) and regenerated it by running `yarn install` against the current package.json files (no lerna dependency anywhere). The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna references. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles chore: refresh yarn.lock after Lerna removal
* Update package version(s) to v0.18.0 -- due to upgrade to TS6
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ions/checkout-7 chore(deps): bump actions/checkout from 6 to 7
Bumps [axios](https://github.com/axios/axios) from 1.16.1 to 1.18.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.18.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.0 chore(deps): bump axios from 1.16.1 to 1.18.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.0 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.61.1 chore(deps-dev): bump @typescript-eslint/parser from 8.61.0 to 8.61.1
Bumps [eslint](https://github.com/eslint/eslint) from 10.4.1 to 10.5.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.4.1...v10.5.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…t-10.5.0 chore(deps-dev): bump eslint from 10.4.1 to 10.5.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.59.2 to 8.61.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.61.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.61.1 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.2 to 8.61.1
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases) - [Commits](ihordiachenko/eslint-plugin-chai-friendly@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: eslint-plugin-chai-friendly dependency-version: 1.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…t-plugin-chai-friendly-1.2.1 chore(deps-dev): bump eslint-plugin-chai-friendly from 1.2.0 to 1.2.1
Bumps the npm_and_yarn group with 1 update in the / directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 4.0.5 to 4.0.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.5...v4.0.6) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-650b74d069 chore(deps): bump form-data from 4.0.5 to 4.0.6 in the npm_and_yarn group across 1 directory
…dates Bumps the npm_and_yarn group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [tar](https://github.com/isaacs/node-tar). Updates `@babel/core` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `tar` from 7.5.13 to 7.5.16 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.13...v7.5.16) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.16 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-a8388c6e3d chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates
…lert-108-remediation Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.