Skip to content

Update npm dependencies to fix security vulnerabilities #116

New issue
New issue
Open
#117
Open
Update npm dependencies to fix security vulnerabilities#116
#117
@pete-the-pete

Description

@pete-the-pete
pete-the-pete
opened on Jan 10, 2026

Description

Update package-lock.json to address npm audit security vulnerabilities and update transitive dependencies to their latest patched versions.

Changes

  • Remove unused @ungap/promise-all-settled dependency
  • Update vulnerable dependencies to patched versions:
    • ansi-colors 4.1.1 → 4.1.3
    • brace-expansion 1.1.11 → 1.1.12
    • braces 3.0.2 → 3.0.3
    • cross-spawn 7.0.3 → 7.0.6
    • debug 4.3.4 → 4.4.3
    • diff 5.0.0 → 5.2.0
  • Add proper license field metadata to dependencies
  • Update supporting library dependencies for compatibility

Impact

  • Addresses npm audit security warnings
  • Improves supply chain security by updating to patched versions
  • No breaking changes to extension functionality

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions