Skip to content

Modernize dependencies and fix vulnerabilities#306

Open
ehuelsmann wants to merge 331 commits into
openapi-library:masterfrom
ehuelsmann:master
Open

Modernize dependencies and fix vulnerabilities#306
ehuelsmann wants to merge 331 commits into
openapi-library:masterfrom
ehuelsmann:master

Conversation

@ehuelsmann

Copy link
Copy Markdown

There are 99+ vulnerabilities reported by Dependabot on my fork. I've been working to fix them. Here's my progress.

Copilot AI and others added 27 commits April 10, 2026 20:30
…kflow-for-packages

Add npm publish workflow and scoped package names
Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/128f3184-d93e-4445-8c1d-d85874281373

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…ump-script

chore: remove lerna, replace with minimal version bump script
Deleted the stale yarn.lock (which contained ~275 lerna-related entries)
and regenerated it by running `yarn install` against the current
package.json files (no lerna dependency anywhere).

The new lockfile is clean: 6138 lines vs 9278 previously, zero lerna
references.

Agent-Logs-Url: https://github.com/ehuelsmann/OpenAPIValidators/sessions/4a4c9ee0-3527-4cb1-b6ff-0cd3d22f8535

Co-authored-by: ehuelsmann <2326559+ehuelsmann@users.noreply.github.com>
…-lockfiles

chore: refresh yarn.lock after Lerna removal
feat: ESM-first dual-publish (ESM + CJS) for all packages
chore: migrate monorepo to Yarn Berry (v4) via Corepack
…remediation

Upgrade chai package mocha to v11 via direct mocha + ts-node registration
…-security-alerts

Remove deprecated request/request-promise support from public API and docs
Copilot AI and others added 30 commits June 25, 2026 06:21
…lert-108-remediation

Remediate Dependabot alert #108 by pinning serialize-javascript to 7.0.5
Pin transitive uuid dependency via resolutions
chore: update uuid resolution to ^9.0.0 (Dependabot alert openapi-library#154)
fix: update uuid resolution to ^11.1.1 (Dependabot alert openapi-library#154)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.0.0 to 5.1.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.0.0...5.1.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.1.0

chore(deps): bump js-yaml from 5.0.0 to 5.1.0
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/eslint-plugin-8.62.0

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.61.1 to 8.62.0
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.61.1 to 8.62.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.0

chore(deps-dev): bump @typescript-eslint/parser from 8.61.1 to 8.62.0
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to 3.9.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.4...3.9.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.8.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…ier-3.8.5

chore(deps-dev): bump prettier from 3.8.4 to 3.9.1
Bumps [axios](https://github.com/axios/axios) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…-1.18.1

chore(deps): bump axios from 1.18.0 to 1.18.1
Bumps [globals](https://github.com/sindresorhus/globals) from 17.6.0 to 17.7.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](sindresorhus/globals@v17.6.0...v17.7.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 17.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ls-17.7.0

chore(deps-dev): bump globals from 17.6.0 to 17.7.0
Bumps [eslint](https://github.com/eslint/eslint) from 10.5.0 to 10.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.5.0...v10.6.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 10.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…t-10.6.0

chore(deps-dev): bump eslint from 10.5.0 to 10.6.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 5.1.0 to 5.2.1.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@5.1.0...5.2.1)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ml-5.2.1

chore(deps): bump js-yaml from 5.1.0 to 5.2.1
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.62.0 to 8.63.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…cript-eslint/parser-8.62.1

chore(deps-dev): bump @typescript-eslint/parser from 8.62.0 to 8.63.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants