Modernize dependencies and fix vulnerabilities #306
Open
ehuelsmann wants to merge 323 commits into
…ullish coalescing Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/6bb60f01-b6bf-43d6-8790-f5a5dd53275f Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…e-validator-patch Remove stale openapi-response-validator v9 patch (dependency now on v12)
…ructions Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8461a199-2928-4262-83df-576c0ecbbb6d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ible to Node Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8461a199-2928-4262-83df-576c0ecbbb6d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/5f5bd44a-5ee4-4be9-8fbf-a85bc4b712a4 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/120991e6-2336-4a24-9b67-65208af2efed Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…lic access Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/deeb2558-e3f8-4456-a4f0-658acbe9dc25 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…kflow-for-packages Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Bump version to 0.15.0
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/53f20a24-68eb-431f-b8b5-a90ea152ce0e Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries) and regenerated it by running `yarn install` against the current package.json files (no lerna dependency anywhere). The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna references. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles chore: refresh yarn.lock after Lerna removal
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/98a72cfb-1d67-476f-8f9d-adc25057b7dd Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/b9e4faee-d3a7-4d97-84c9-ac8a60b64264 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
feat: ESM-first dual-publish (ESM + CJS) for all packages
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8da4232e-00ba-4e0a-ac7b-25369b3fd917 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8b3df856-fbbe-43c6-8ed5-c1e0d8590139 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
chore: migrate monorepo to Yarn Berry (v4) via Corepack
…rade mocha Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/37bd618c-668c-4c95-b9b7-c8390e569b85 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…cript-eslint/eslint-plugin-8.61.1 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.2 to 8.61.1
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases) - [Commits](ihordiachenko/eslint-plugin-chai-friendly@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: eslint-plugin-chai-friendly dependency-version: 1.2.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…t-plugin-chai-friendly-1.2.1 chore(deps-dev): bump eslint-plugin-chai-friendly from 1.2.0 to 1.2.1
Bumps the npm_and_yarn group with 1 update in the / directory: [form-data](https://github.com/form-data/form-data). Updates `form-data` from 4.0.5 to 4.0.6 - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](form-data/form-data@v4.0.5...v4.0.6) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-650b74d069 chore(deps): bump form-data from 4.0.5 to 4.0.6 in the npm_and_yarn group across 1 directory
…dates Bumps the npm_and_yarn group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [tar](https://github.com/isaacs/node-tar). Updates `@babel/core` from 7.29.0 to 7.29.7 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) Updates `tar` from 7.5.13 to 7.5.16 - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.13...v7.5.16) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar dependency-version: 7.5.16 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-a8388c6e3d chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates
…lert-108-remediation Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.1.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@5.0.0...5.1.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.1.0 chore(deps): bump js-yaml from 5.0.0 to 5.1.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.61.1 to 8.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.62.0 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.0 chore(deps-dev): bump @typescript-eslint/parser from 8.61.1 to 8.62.0
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.4...3.9.1) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ier-3.8.5 chore(deps-dev): bump prettier from 3.8.4 to 3.9.1
Bumps [axios](https://github.com/axios/axios) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.1 chore(deps): bump axios from 1.18.0 to 1.18.1
There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.