Modernize dependencies and fix vulnerabilities#306

Open
ehuelsmann wants to merge 323 commits into
openapi-library:master from
ehuelsmann:master
Conversation

@ehuelsmann

There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.

ehuelsmann and others added 30 commits April 10, 2026 20:38
…ullish coalescing

Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/6bb60f01-b6bf-43d6-8790-f5a5dd53275f

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e-validator-patch

Remove stale openapi-response-validator v9 patch (dependency now on v12)
…kflow-for-packages

Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script

chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries)
and regenerated it by running `yarn install` against the current
package.json files (no lerna dependency anywhere).

The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna
references.

Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles

chore: refresh yarn.lock after Lerna removal
feat: ESM-first dual-publish (ESM + CJS) for all packages
chore: migrate monorepo to Yarn Berry (v4) via Corepack
ehuelsmann and others added 30 commits June 22, 2026 08:52
…cript-eslint/eslint-plugin-8.61.1

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.2 to 8.61.1
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases)
- [Commits](ihordiachenko/eslint-plugin-chai-friendly@v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-chai-friendly
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…t-plugin-chai-friendly-1.2.1

chore(deps-dev): bump eslint-plugin-chai-friendly from 1.2.0 to 1.2.1
Bumps the npm_and_yarn group with 1 update in the / directory: [form-data](https://github.com/form-data/form-data).


Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-650b74d069

chore(deps): bump form-data from 4.0.5 to 4.0.6 in the npm_and_yarn group across 1 directory
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [tar](https://github.com/isaacs/node-tar).


Updates `@babel/core` from 7.29.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `tar` from 7.5.13 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.16)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-a8388c6e3d

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates
…lert-108-remediation

Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.1.0

chore(deps): bump js-yaml from 5.0.0 to 5.1.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.62.0

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.0

chore(deps-dev): bump @typescript-eslint/parser from 8.61.1 to 8.62.0
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.8.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…ier-3.8.5

chore(deps-dev): bump prettier from 3.8.4 to 3.9.1
Bumps [axios](https://github.com/axios/axios) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.1

chore(deps): bump axios from 1.18.0 to 1.18.1