Skip to content

fix: resolve npm vulns and unbreak nix dev shell#112

Open
tembleking wants to merge 1 commit into
masterfrom
fix-vulns
Open

fix: resolve npm vulns and unbreak nix dev shell#112
tembleking wants to merge 1 commit into
masterfrom
fix-vulns

Conversation

@tembleking

@tembleking tembleking commented Jun 9, 2026

Copy link
Copy Markdown
Member

fast-uri and tmp had high-severity path traversal advisories; npm update + npm audit fix clears both (found 0 vulnerabilities).

The nixpkgs bump in just update dropped the nodePackages set, breaking the dev shell. Moved typescript-language-server and eslint to top-level pkgs so it builds again.

Also rolls in the routine just update bumps: cli-scanner 1.26 -> 1.27, pinned action SHAs (pinact), and flake.lock.

114/114 tests pass, dist/ regenerated.

@tembleking
fix: resolve npm vulns and unbreak nix dev shell
c193e0a 
fast-uri and tmp had high-severity path traversal advisories; npm update
+ audit fix clears both. nixpkgs bump dropped the nodePackages set, so
typescript-language-server and eslint move to top-level pkgs to keep the
dev shell buildable. Includes routine just-update bumps (cli-scanner 1.27,
pinned action SHAs, flake.lock).
@tembleking tembleking requested a review from a team as a code owner June 9, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tembleking