Reduce critical/high vulnerabilities from audit #83

@anthuanvasquez

Description

Context

pnpm audit --prod --audit-level high reports critical/high vulnerabilities in transitive dependencies.

Problem

The current dependency graph includes vulnerable packages (examples: simple-git, fast-xml-parser, handlebars, node-forge, and dependency paths through vite).

Proposed Solution (Phased)

Wave A (low-risk)

  • Patch/minor updates where safe
  • Re-run audit after each package group

Wave B (controlled upgrades)

  • Upgrade framework ecosystem where needed (Nuxt/UI/LangChain stack)
  • Validate runtime and test compatibility

Acceptance Criteria

  • 0 critical vulnerabilities
  • Significant reduction of high vulnerabilities
  • pnpm lint and pnpm test still pass
  • Documented upgrade notes and risks

Notes

Apply small, reviewable commits to isolate breakages quickly.
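Added example (not part of this issue or the project's code) showing how the "re-run audit after each package group" step and the acceptance criteria above can be checked mechanically from a `pnpm audit --prod --json` report: it counts advisories by severity, maps each high/critical transitive package to the direct dependencies whose paths pull it in (so you know which package group to bump), and evaluates the "0 critical, fewer high" gate against a baseline. The JSON shape (npm-v6 style `advisories` keyed by id, `findings[].paths` joined with ">") is assumed, and the report embedded below is constructed sample data.

```javascript
// Constructed sample standing in for real `pnpm audit --prod --json` output.
// Assumed shape: npm-v6 style advisories keyed by id, paths separated by ">".
const SAMPLE_REPORT = {
  advisories: {
    "1001": { module_name: "fast-xml-parser", severity: "high",
              findings: [{ version: "4.1.0", paths: ["@langchain/community>fast-xml-parser"] }] },
    "1002": { module_name: "node-forge", severity: "critical",
              findings: [{ version: "1.2.1", paths: ["some-auth-lib>node-forge", "@nuxt/ui>node-forge"] }] },
    "1003": { module_name: "handlebars", severity: "moderate",
              findings: [{ version: "4.7.6", paths: ["handlebars"] }] },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 1, critical: 1 } },
};

// Count advisories by severity: the numbers the acceptance criteria are written against.
function countBySeverity(report) {
  const counts = { critical: 0, high: 0, moderate: 0, low: 0, info: 0 };
  for (const adv of Object.values(report.advisories || {})) {
    counts[adv.severity] = (counts[adv.severity] || 0) + 1;
  }
  return counts;
}

// For every high/critical advisory, collect the direct dependencies that pull the
// vulnerable package in. The first ">"-separated segment of a path is the direct
// dependency (a bare path means the vulnerable package is itself a direct dependency).
// This tells you which package group a Wave A / Wave B commit should touch.
function directDependencyOwners(report) {
  const owners = {};
  for (const adv of Object.values(report.advisories || {})) {
    if (adv.severity !== "high" && adv.severity !== "critical") continue;
    if (!owners[adv.module_name]) owners[adv.module_name] = new Set();
    for (const finding of adv.findings) {
      for (const path of finding.paths) owners[adv.module_name].add(path.split(">")[0]);
    }
  }
  return Object.fromEntries(
    Object.entries(owners).map(([pkg, set]) => [pkg, [...set].sort()])
  );
}

// Acceptance gate: zero critical advisories, and strictly fewer high advisories
// than the baseline run taken before the upgrade wave started.
function meetsAcceptance(report, baselineHigh) {
  const counts = countBySeverity(report);
  return counts.critical === 0 && counts.high < baselineHigh;
}
```

In practice the report comes from `pnpm audit --prod --json > audit.json` after each package group, with `baselineHigh` taken from the first run; a failing gate marks the commit that introduced or failed to remove a finding.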
