🛡️ Security: Fix outdated dependencies#26
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Code Review
This pull request updates several project dependencies in package-lock.json, including upgrading astro to version 6.4.8, esbuild to 0.28.1, and vite to 7.3.6. Feedback on these changes highlights a duplication of the @astrojs/markdown-remark dependency in the dependency tree, where a nested version 7.2.0 is installed alongside a top-level version 7.1.1. It is recommended to run npm update @astrojs/markdown-remark to deduplicate this dependency and reduce the node_modules size.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "node_modules/astro/node_modules/@astrojs/markdown-remark": { | ||
| "version": "7.2.0", |
There was a problem hiding this comment.
The dependency @astrojs/markdown-remark is now duplicated in the dependency tree. astro uses version 7.2.0 (installed nested under node_modules/astro/node_modules/@astrojs/markdown-remark), while the top-level @astrojs/markdown-remark remains at version 7.1.1 (used by @astrojs/starlight).\n\nSince @astrojs/starlight depends on @astrojs/markdown-remark: ^7.1.1, version 7.2.0 satisfies this constraint. You can deduplicate these dependencies and remove the nested installation by running:\n\nbash\nnpm update @astrojs/markdown-remark\n\n\nThis will update the top-level @astrojs/markdown-remark to 7.2.0 and allow both packages to share a single installation, reducing the node_modules size and avoiding duplicate transitive dependencies (like remark-*, rehype-*, unified, etc.).
I've updated dependencies to fix known vulnerabilities found by
npm audit. 📦✨