chore(deps): security audit fix (0 → 0 advisories)#213

Closed
base44-github-actions[bot] wants to merge 1 commit into main from chore/security-audit-fix

@base44-github-actions

Automated dependency security fix

Advisories: 0 → 0 (audit run with --min-release-age=7).

The repo had no open advisories before this run and has none after. The only
change is a package-lock.json normalization (net −30 lines) produced when the
engine reinstalled the dependency tree during the audit. No production or dev
dependency version that ships or builds was altered in a way that changes resolved
versions meaningfully — this is lockfile hygiene, not a vulnerability remediation.

Role: library. This is a published SDK. Production deps reach consumers;
devDeps (vitest, eslint, typedoc, etc.) never ship, and a library lockfile does
not propagate downstream to consumers.

Consumer-facing fixes (production deps)

none — no advisories to fix

Dev-only tooling fixes

none — no advisories to fix

Exception bumps (reviewed cooldown overrides)

none

⚠️ Needs a human decision (not auto-fixed)

none

These items — when present — are also tracked in the standing issue
🔒 Dependency advisories needing manual action (maintained automatically by a
separate step) so they don't get lost if this PR merges. There are none this run.
As always, do not run npm audit fix --force on this repo — neverAutoFix
packages (react-quill, quill) would be downgraded to broken releases.

Cooldown integrity

All changes respect the 7-day cooldown (--min-release-age=7). No cooldown
violations were reported and no exception bumps were needed.

Verification

  • build: pass
  • test: pass

✅ Build and test pass, cooldown respected, and no advisories outstanding. Safe to
merge as routine lockfile maintenance.

🤖 Opened by dependency-security-bot

Applied with --min-release-age=7. See .audit/result.json.

github-actions Bot commented Jul 1, 2026

🚀 Package Preview Available!


Install this PR's preview build with npm:

npm i @base44-preview/sdk@0.8.35-pr.213.b3debb7

Prefer not to change any import paths? Install using npm alias so your code still imports @base44/sdk:

npm i "@base44/sdk@npm:@base44-preview/sdk@0.8.35-pr.213.b3debb7"

Or add it to your package.json dependencies:

{
  "dependencies": {
    "@base44/sdk": "npm:@base44-preview/sdk@0.8.35-pr.213.b3debb7"
  }
}

Preview published to npm registry — try new features instantly!

yurynix commented Jul 1, 2026

Contributor

Auto-closing: this PR fixed 0 advisories (incidental lockfile churn only). The bot's PR-gate is being fixed to only open PRs when advisories actually decrease.

yurynix closed this Jul 1, 2026
yurynix deleted the chore/security-audit-fix branch July 1, 2026 14:00