Skip to content

🛡️ Security: Fix outdated dependencies#28

Open
TheRealAshik wants to merge 1 commit into
masterfrom
security/fix-dependencies-202607140243
Open

🛡️ Security: Fix outdated dependencies#28
TheRealAshik wants to merge 1 commit into
masterfrom
security/fix-dependencies-202607140243

Conversation

@TheRealAshik

Copy link
Copy Markdown
Owner

I've updated dependencies to fix known vulnerabilities found by npm audit. 📦✨

@vercel

vercel Bot commented Jul 14, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
hsc Ready Ready Preview, Comment Jul 14, 2026 2:44am

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several dependencies in package-lock.json, including upgrading astro to 6.4.8, esbuild to 0.28.1, and vite to 7.3.6. Feedback on these changes suggests running 'npm dedupe' to resolve duplicate nested installations of @astrojs/markdown-remark and its dependencies, which would align the top-level and nested versions to 7.2.0 and reduce the lockfile size.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread package-lock.json
"version": "0.9.0",
"resolved": "https://registry.npmjs.org/@astrojs/internal-helpers/-/internal-helpers-0.9.0.tgz",
"integrity": "sha512-GdYkzR26re8izmyYlBqf4z2s7zNngmWLFuxw0UKiPNqHraZGS6GKWIwSHgS22RDlu2ePFJ8bzmpBcUszut/SDg==",
"node_modules/astro/node_modules/@astrojs/markdown-remark": {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

There is an opportunity to deduplicate @astrojs/markdown-remark and its dependencies. Currently, @astrojs/markdown-remark is resolved at version 7.1.1 at the top level (required by @astrojs/starlight's constraint ^7.1.1), while astro strictly requires version 7.2.0. This causes npm to install a duplicate nested instance of @astrojs/markdown-remark at version 7.2.0 under astro/node_modules (along with its nested dependencies like @astrojs/prism). Since 7.2.0 satisfies @astrojs/starlight's constraint of ^7.1.1, you can deduplicate these by running npm dedupe. This will update the top-level @astrojs/markdown-remark to 7.2.0 and allow both packages to share a single instance, removing the nested duplicate and reducing the lockfile size.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant