Modernize dependencies and fix vulnerabilities #306

Open
ehuelsmann wants to merge 323 commits into openapi-library:master from ehuelsmann:master

@ehuelsmann

There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.

ehuelsmann and others added 30 commits April 10, 2026 20:38
…e-validator-patch

Remove stale openapi-response-validator v9 patch (dependency now on v12)
…kflow-for-packages

Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script

chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries)
and regenerated it by running `yarn install` against the current
package.json files (no lerna dependency anywhere).

The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna
references.

Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles

chore: refresh yarn.lock after Lerna removal
feat: ESM-first dual-publish (ESM + CJS) for all packages
chore: migrate monorepo to Yarn Berry (v4) via Corepack
ehuelsmann and others added 30 commits June 22, 2026 08:52
…cript-eslint/eslint-plugin-8.61.1

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.59.2 to 8.61.1
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases)
- [Commits](ihordiachenko/eslint-plugin-chai-friendly@v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-chai-friendly
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…t-plugin-chai-friendly-1.2.1

chore(deps-dev): bump eslint-plugin-chai-friendly from 1.2.0 to 1.2.1
Bumps the npm_and_yarn group with 1 update in the / directory: [form-data](https://github.com/form-data/form-data).


Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-650b74d069

chore(deps): bump form-data from 4.0.5 to 4.0.6 in the npm_and_yarn group across 1 directory
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [tar](https://github.com/isaacs/node-tar).


Updates `@babel/core` from 7.29.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

Updates `tar` from 7.5.13 to 7.5.16
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.13...v7.5.16)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…nd_yarn-a8388c6e3d

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates
…lert-108-remediation

Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.1.0

chore(deps): bump js-yaml from 5.0.0 to 5.1.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.62.0

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.0

chore(deps-dev): bump @typescript-eslint/parser from 8.61.1 to 8.62.0
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.8.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…ier-3.8.5

chore(deps-dev): bump prettier from 3.8.4 to 3.9.1
Bumps [axios](https://github.com/axios/axios) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.1

chore(deps): bump axios from 1.18.0 to 1.18.1
2 participants