@Yang-33 Yang-33 commented Aug 5, 2025

Most npm package alerts can be fixed automatically with `npm audit fix --force` (it is not perfect, so some manual work is still required).
Because we cannot use a GitHub App token, a reminder should be enough. Automatically creating PRs would be pointless, because the CI jobs will not run, and it may be old (= merging may not resolve all issues).

For now, let's create a reminder as an issue. We review issues regularly, so this should be sufficient.
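
A sketch of how such a reminder could be assembled, as an added example that is not the code from this pull request: it reads an `npm audit --json` report (npm 7+ format) and separates findings that plain `npm audit fix` handles from those that need `--force` or manual work. The sample report, package names and function names are constructed for illustration.

```javascript
// Added example: build a reminder issue from `npm audit --json` output (npm 7+ report format).
// SAMPLE_REPORT is constructed; the package names are placeholders, not real findings.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-bundler": { severity: "moderate",
      fixAvailable: { name: "example-dev-server", version: "7.0.0", isSemVerMajor: true } },
    "example-parser": { severity: "high", fixAvailable: true },
    "example-legacy": { severity: "critical", fixAvailable: false },
  },
};

// Sort findings by how they can be remediated.
function classify(report) {
  const buckets = { safeFix: [], forceFix: [], manual: [] };
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const entry = { name, severity: v.severity };
    const fix = v.fixAvailable;
    if (fix === true) {
      buckets.safeFix.push(entry);
    } else if (fix && typeof fix === "object") {
      // A semver-major bump is only applied by `npm audit fix --force`.
      entry.via = `${fix.name}@${fix.version}`;
      (fix.isSemVerMajor ? buckets.forceFix : buckets.safeFix).push(entry);
    } else {
      buckets.manual.push(entry);
    }
  }
  return buckets;
}

// Return { title, body } for the reminder issue, or null when the report is clean.
function buildReminder(report) {
  const b = classify(report);
  const total = b.safeFix.length + b.forceFix.length + b.manual.length;
  if (total === 0) return null;
  const section = (heading, items) => items.length === 0 ? [] : [
    `### ${heading}`,
    ...items.map((i) => `- ${i.name} (${i.severity})${i.via ? `, fix via ${i.via}` : ""}`),
    "",
  ];
  const body = [
    ...section("Fixable with `npm audit fix`", b.safeFix),
    ...section("Needs `npm audit fix --force` (semver-major bump, review first)", b.forceFix),
    ...section("No automatic fix, manual work required", b.manual),
  ].join("\n").trimEnd();
  return { title: `Reminder: npm audit reports ${total} vulnerable package(s)`, body };
}
```
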

@Yang-33 Yang-33 changed the title NO-ISSUE Reminder for npm audit fix Reminder for npm audit fix Aug 5, 2025
@Yang-33 Yang-33 marked this pull request as ready for review August 5, 2025 10:04
@Yang-33 Yang-33 requested a review from a team August 5, 2025 10:05

Yang-33 commented Aug 5, 2025

@eucyt eucyt left a comment

Thank you 🙇

Yang-33 commented Sep 18, 2025

This change will be merged after #1392 is merged

github-merge-queue bot pushed a commit that referenced this pull request Sep 18, 2025
## Changes
This change resolves all npm audit issues as of now. Even with #1357, this change won't report an issue.

ESBuild dependency (though we don't use...) is forcibly upgraded to avoid a security issue.
@Yang-33 Yang-33 added this pull request to the merge queue Sep 18, 2025
Merged via the queue into master with commit 48cb91b Sep 18, 2025
12 checks passed
@Yang-33 Yang-33 deleted the reminder-for-npm-audit branch September 18, 2025 05:30