🛡️ Security: Fix outdated dependencies#27
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Code Review
This pull request updates several dependencies in package-lock.json, including upgrading astro to 6.4.8, vite to 7.3.6, esbuild to 0.28.1, and introducing @astrojs/internal-helpers at 0.10.0. Feedback recommends running npm dedupe or upgrading the top-level @astrojs/markdown-remark to 7.2.0 to resolve duplicate nested versions of @astrojs/markdown-remark, @astrojs/internal-helpers, and @astrojs/prism within the lockfile.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "version": "0.9.0", | ||
| "resolved": "https://registry.npmjs.org/@astrojs/internal-helpers/-/internal-helpers-0.9.0.tgz", | ||
| "integrity": "sha512-GdYkzR26re8izmyYlBqf4z2s7zNngmWLFuxw0UKiPNqHraZGS6GKWIwSHgS22RDlu2ePFJ8bzmpBcUszut/SDg==", | ||
| "node_modules/astro/node_modules/@astrojs/markdown-remark": { |
There was a problem hiding this comment.
The lockfile now contains duplicate nested versions of @astrojs/markdown-remark (both 7.1.1 at the top level and 7.2.0 nested under astro), as well as nested duplicates of @astrojs/internal-helpers and @astrojs/prism.\n\nSince @astrojs/starlight depends on @astrojs/markdown-remark: ^7.1.1, it is fully compatible with version 7.2.0. Running npm install @astrojs/markdown-remark@7.2.0 or npm dedupe will promote the top-level version to 7.2.0, eliminating these nested duplicates and simplifying the dependency tree.
I've updated dependencies to fix known vulnerabilities found by
npm audit. 📦✨