Modernize dependencies and fix vulnerabilities #306
Open
ehuelsmann wants to merge 284 commits into
Bumps [prettier](https://github.com/prettier/prettier) from 2.4.1 to 3.8.2. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.4.1...3.8.2) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [supertest](https://github.com/ladjs/supertest) and [@types/supertest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/supertest). These dependencies needed to be updated together. Updates `supertest` from 6.0.0 to 7.2.2 - [Release notes](https://github.com/ladjs/supertest/releases) - [Commits](forwardemail/supertest@v6.0.0...v7.2.2) Updates `@types/supertest` from 2.0.11 to 7.2.0 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/supertest) --- updated-dependencies: - dependency-name: supertest dependency-version: 7.2.2 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/supertest" dependency-version: 7.2.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [braces](https://github.com/micromatch/braces). Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…d_yarn-5134b82be1 chore(deps): bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory
Add `yarn build` to both `test:ci` (before format/lint/tests) and `test:coverage` (after clean, before nyc test execution) in packages/chai-openapi-response-validator/package.json. This ensures dist/index.js exists when Node resolves the package entrypoint, eliminating the DEP0128 DeprecationWarning on Node 20. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/68f751f3-083e-46fa-b04e-4c9e8729f9fa Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Add build:openapi-validator script and call it in test:coverage after cleaning both packages. This ensures dist/index.js exists for both chai-openapi-response-validator and openapi-validator when nyc/mocha runs tests. Also remove redundant initial yarn build from test:ci since test:coverage already performs a clean+build cycle for both packages. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/7cc5c3e0-6c21-4bd2-b766-c5ac3a1686a8 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
fix: build before tests to eliminate Node 20 DEP0128 warning
…er-3.8.2 chore(deps-dev): bump prettier from 2.4.1 to 3.8.2
…180b1aeb12 chore(deps-dev): bump supertest and @types/supertest
Bumps [chai-http](https://github.com/chaijs/chai-http) from 4.3.0 to 5.1.2. - [Release notes](https://github.com/chaijs/chai-http/releases) - [Changelog](https://github.com/chaijs/chai-http/blob/main/History.md) - [Commits](chaijs/chai-http@4.3.0...5.1.2) --- updated-dependencies: - dependency-name: chai-http dependency-version: 5.1.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/729ee74f-fc45-401d-96fd-699832432382 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ttp-5.1.2 chore(deps-dev): bump chai-http from 4.3.0 to 5.1.2
Bumps [chai](https://github.com/chaijs/chai) from 4.2.0 to 6.2.2. - [Release notes](https://github.com/chaijs/chai/releases) - [Changelog](https://github.com/chaijs/chai/blob/main/History.md) - [Commits](chaijs/chai@4.2.0...v6.2.2) --- updated-dependencies: - dependency-name: chai dependency-version: 6.2.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
….2.2 chore(deps-dev): bump chai from 4.2.0 to 6.2.2
Bumps [openapi-types](https://github.com/kogosoftwarellc/open-api) from 9.2.0 to 12.1.3. - [Release notes](https://github.com/kogosoftwarellc/open-api/releases) - [Commits](kogosoftwarellc/open-api@v9.2.0...v12.1.3) --- updated-dependencies: - dependency-name: openapi-types dependency-version: 12.1.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
This fixes TS2345 errors caused by two incompatible versions of openapi-types being installed: 9.2.0 at root (for openapi-response-validator/openapi-schema-validator) and 12.1.3 locally in packages/openapi-validator/node_modules. With yarn resolutions forcing 12.1.3 everywhere, TypeScript sees a single type source and the incompatibility errors in AbstractOpenApiSpec.ts and openApiSpecFactory.ts are resolved. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/957b8e67-fe23-496f-85ce-aa4d74c2227d Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…i-types-12.1.3 chore(deps-dev): bump openapi-types from 9.2.0 to 12.1.3
Bumps [eslint-plugin-chai-friendly](https://github.com/ihordiachenko/eslint-plugin-chai-friendly) from 0.6.0 to 1.2.0. - [Release notes](https://github.com/ihordiachenko/eslint-plugin-chai-friendly/releases) - [Commits](ihordiachenko/eslint-plugin-chai-friendly@v0.6.0...v1.2.0) --- updated-dependencies: - dependency-name: eslint-plugin-chai-friendly dependency-version: 1.2.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [express](https://github.com/expressjs/express) and [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express). These dependencies needed to be updated together. Updates `express` from 4.22.0 to 5.2.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.22.0...v5.2.1) Updates `@types/express` from 4.17.13 to 5.0.6 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express) --- updated-dependencies: - dependency-name: express dependency-version: 5.2.1 dependency-type: direct:development update-type: version-update:semver-major - dependency-name: "@types/express" dependency-version: 5.0.6 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…-plugin-chai-friendly-1.2.0 chore(deps-dev): bump eslint-plugin-chai-friendly from 0.6.0 to 1.2.0
Bumps [openapi-response-validator](https://github.com/kogosoftwarellc/open-api) from 9.2.0 to 12.1.3. - [Release notes](https://github.com/kogosoftwarellc/open-api/releases) - [Commits](kogosoftwarellc/open-api@v9.2.0...v12.1.3) --- updated-dependencies: - dependency-name: openapi-response-validator dependency-version: 12.1.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…i-response-validator-12.1.3 chore(deps): bump openapi-response-validator from 9.2.0 to 12.1.3
Potential fix for code scanning alert no. 1: Workflow does not contain permissions
…b251156d90 chore(deps-dev): bump express and @types/express
Change yaml to single quotes which some linters prefer
Bumps [@types/superagent](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/superagent) from 8.1.9 to 8.1.10. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/superagent) --- updated-dependencies: - dependency-name: "@types/superagent" dependency-version: 8.1.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/superagent-8.1.10 chore(deps): bump @types/superagent from 8.1.9 to 8.1.10
Declare ESLint import plugin
Import CJS/ESM agnostic
Use tsx to compile types
Bumps [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai) from 4.3.20 to 5.2.3. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai) --- updated-dependencies: - dependency-name: "@types/chai" dependency-version: 5.2.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…chai-5.2.3 chore(deps-dev): bump @types/chai from 4.3.20 to 5.2.3
Remove additional DTS build
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ript-6.0.3 chore(deps-dev): bump typescript from 5.9.3 to 6.0.3
Rely on tsconfig.json -- don't override settings in package.json
Remove empty forwarder module
Resolve linter warning about spurious warning suppression
…orwarder Now that the empty forwarder module is deleted, adjust 'rootDir'
* Update package version(s) to v0.18.0 -- due to upgrade to TS6
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
* Update package version(s) to 0.18.0 -- because v0.18.0 isn't acceptable
There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.