Skip to content

Comments

Upgrade dependencies to address npm audit warnings; merge lodash dependencies#575

Merged
iadawn merged 3 commits intomainfrom
kgf-audit-20260217
Feb 19, 2026
Merged

Upgrade dependencies to address npm audit warnings; merge lodash dependencies#575
iadawn merged 3 commits intomainfrom
kgf-audit-20260217

Conversation

@kfranqueiro
Copy link
Contributor

This performs the following updates:

  • Updates Astro to latest 5.15.x to address audit warning
    • I am intentionally restricting to within this minor version for 2 reasons:
      • Astro has recently begun merging LLM-generated PRs, which IMO warrants heavier auditing
      • The latest versions will require resolving conflicts in the patch this repo applies for better glob feature support within content collections
  • Updates other Astro-related dependencies to latest (after reviewing their changelogs)
  • Migrates lodash-es usage to lodash, because while the former might be marginally more efficient for our purposes, the latter has been indirectly introduced in recent versions of @astrojs/check, so we might as well only install one of them
  • Forces @astrojs/check to use the most recent version of lodash, which addresses a vulnerability

I verified that this causes no change in build output.

@kfranqueiro kfranqueiro requested a review from iadawn February 17, 2026 18:36
@netlify
Copy link

netlify bot commented Feb 17, 2026

Deploy Preview for wcag3 ready!

Name Link
🔨 Latest commit 5869175
🔍 Latest deploy log https://app.netlify.com/projects/wcag3/deploys/6994b530b2340e00080112bc
😎 Deploy Preview https://deploy-preview-575--wcag3.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Feb 17, 2026

Deploy Preview for wcag3-howtos canceled.

Name Link
🔨 Latest commit 5869175
🔍 Latest deploy log https://app.netlify.com/projects/wcag3-howtos/deploys/6994b530f7a3e20008020cfb

@iadawn iadawn merged commit 4dcb92f into main Feb 19, 2026
10 checks passed
@kfranqueiro kfranqueiro deleted the kgf-audit-20260217 branch February 19, 2026 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants