Modernize dependencies and fix vulnerabilities#306
Open
ehuelsmann wants to merge 331 commits into
Open
Conversation
…lic access Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/deeb2558-e3f8-4456-a4f0-658acbe9dc25 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…kflow-for-packages Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Bump version to 0.15.0
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/53f20a24-68eb-431f-b8b5-a90ea152ce0e Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries) and regenerated it by running `yarn install` against the current package.json files (no lerna dependency anywhere). The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna references. Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles chore: refresh yarn.lock after Lerna removal
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/98a72cfb-1d67-476f-8f9d-adc25057b7dd Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/b9e4faee-d3a7-4d97-84c9-ac8a60b64264 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
feat: ESM-first dual-publish (ESM + CJS) for all packages
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8da4232e-00ba-4e0a-ac7b-25369b3fd917 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8da4232e-00ba-4e0a-ac7b-25369b3fd917 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8b3df856-fbbe-43c6-8ed5-c1e0d8590139 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/8b3df856-fbbe-43c6-8ed5-c1e0d8590139 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
chore: migrate monorepo to Yarn Berry (v4) via Corepack
…rade mocha Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/37bd618c-668c-4c95-b9b7-c8390e569b85 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…remediation Upgrade chai package mocha to v11 via direct mocha + ts-node registration
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/c234eda1-734f-4ecd-aea4-04663bda9d4e Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/c234eda1-734f-4ecd-aea4-04663bda9d4e Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/aaf3d126-f87a-407c-a8a8-7bbe0cb3c195 Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-security-alerts Remove deprecated request/request-promise support from public API and docs
Update references to the repository *actually* hosting this code.
…lert-108-remediation Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.1.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@5.0.0...5.1.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.1.0 chore(deps): bump js-yaml from 5.0.0 to 5.1.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.61.1 to 8.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.62.0 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.62.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.0 chore(deps-dev): bump @typescript-eslint/parser from 8.61.1 to 8.62.0
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.8.4...3.9.1) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ier-3.8.5 chore(deps-dev): bump prettier from 3.8.4 to 3.9.1
Bumps [axios](https://github.com/axios/axios) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.18.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.1 chore(deps): bump axios from 1.18.0 to 1.18.1
Bumps [globals](https://github.com/sindresorhus/globals) from 17.6.0 to 17.7.0. - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v17.6.0...v17.7.0) --- updated-dependencies: - dependency-name: globals dependency-version: 17.7.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ls-17.7.0 chore(deps-dev): bump globals from 17.6.0 to 17.7.0
Bumps [eslint](https://github.com/eslint/eslint) from 10.5.0 to 10.6.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.5.0...v10.6.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…t-10.6.0 chore(deps-dev): bump eslint from 10.5.0 to 10.6.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.1.0 to 5.2.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@5.1.0...5.2.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.2.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.2.1 chore(deps): bump js-yaml from 5.1.0 to 5.2.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.62.0 to 8.63.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.62.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.1 chore(deps-dev): bump @typescript-eslint/parser from 8.62.0 to 8.63.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.