
Fix: Security vulnerability and dependency updates #209

Open

0xAxiom wants to merge 3 commits into main from fix/security-and-deps-update-march-18

Conversation

0xAxiom (Owner) commented Mar 18, 2026

What

  • Fixed high severity security vulnerability in flatted package (unbounded recursion DoS)
  • Updated critical dependencies to latest stable versions
  • Resolved all npm audit security warnings

Why

  • High severity security vulnerability needed immediate attention
  • Outdated dependencies pose security and compatibility risks
  • @anthropic-ai/sdk was significantly outdated (0.32.1 → latest)

Changes

  • Security: Fixed flatted vulnerability via npm audit fix
  • Dependencies: Updated vitest, coverage tools, linting tools
  • CLI: Updated @anthropic-ai/sdk, commander, dotenv, inquirer, ora
  • Quality: All lint-staged hooks pass, zero vulnerabilities remain

Tested

  • ✅ npm audit: 0 vulnerabilities
  • ✅ npm run lint: passes
  • ✅ All packages install cleanly
  • ✅ CI tooling (lint-staged, prettier) works correctly

This addresses critical security issues and brings key dependencies up to date without breaking changes.

- Fixed high severity flatted vulnerability (unbounded recursion DoS)
- Updated vitest and coverage tools to latest stable versions
- Updated linting tools (eslint, typescript-eslint, lint-staged)
- Updated @anthropic-ai/sdk from 0.32.1 to latest for CLI
- Updated other CLI dependencies (commander, dotenv, inquirer, ora)
- All security vulnerabilities resolved
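A CI gate over `npm audit --json` output, added here as an illustration and not code from PR #209 or its repository: it parses the audit report, lists every finding at or above a severity threshold (the `flatted` case above being a transitive high-severity finding), and notes whether npm reports an automatic fix, which is what separates a plain `npm audit fix` from a manual bump of the parent package. The report shape (auditReportVersion 2 with `vulnerabilities`, `via`, `isDirect` and `fixAvailable`) is assumed from npm 7+ and should be checked against the npm version in use; the sample report, the package names other than `flatted`, the advisory titles and the `audit-gate.js` file name are constructed.

```javascript
// Added example, not code from PR #209 or its repository: a CI gate that parses
// `npm audit --json` output and fails when any finding is at or above a threshold.
// Report shape assumed from npm 7+ (auditReportVersion 2); verify against your npm.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return every vulnerability at or above `threshold`, worst first. Each entry keeps
// the facts that decide remediation: whether the package is a direct dependency,
// which advisories apply, and whether npm reports an automatic fix.
function findBlockingVulnerabilities(report, threshold = 'high') {
  const minRank = SEVERITY_RANK[threshold];
  if (minRank === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  const vulns = (report && report.vulnerabilities) || {};
  return Object.values(vulns)
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= minRank)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      isDirect: Boolean(v.isDirect),
      // `via` mixes advisory objects (root cause) with strings naming the packages
      // through which a problem is inherited; keep the advisory titles only.
      advisories: (v.via || []).filter((x) => typeof x === 'object').map((x) => x.title),
      // npm sets fixAvailable to true (plain `npm audit fix` suffices), false, or an
      // object describing a fix that needs a semver-major bump of a parent package.
      fixAvailable: v.fixAvailable === true ? 'auto' : v.fixAvailable ? 'major' : 'none',
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// CI exit code: 0 when nothing reaches the threshold, 1 otherwise.
function gateExitCode(report, threshold = 'high') {
  return findBlockingVulnerabilities(report, threshold).length === 0 ? 0 : 1;
}

// One-line summary per finding for the CI log.
function formatFinding(f) {
  const origin = f.isDirect ? 'direct' : 'transitive';
  const fix = {
    auto: 'fix: npm audit fix',
    major: 'fix: needs semver-major bump',
    none: 'fix: none reported',
  }[f.fixAvailable];
  return `${f.severity.toUpperCase()} ${f.name} (${origin}) ${f.advisories.join('; ')} [${fix}]`;
}

// Constructed sample in the auditReportVersion 2 shape (not real npm output): a
// high-severity transitive finding in flatted, reached through a hypothetical dev tool.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    flatted: {
      name: 'flatted',
      severity: 'high',
      isDirect: false,
      via: [{ title: 'Unbounded recursion (constructed advisory title)', severity: 'high' }],
      effects: ['example-dev-tool'],
      fixAvailable: true,
    },
    'example-dev-tool': {
      name: 'example-dev-tool',
      severity: 'high',
      isDirect: true,
      via: ['flatted'],
      effects: [],
      fixAvailable: true,
    },
    'example-low-pkg': {
      name: 'example-low-pkg',
      severity: 'low',
      isDirect: true,
      via: [{ title: 'Constructed low-severity advisory', severity: 'low' }],
      effects: [],
      fixAvailable: false,
    },
  },
};

// Usage: npm audit --json > audit.json && node audit-gate.js audit.json
// (file name hypothetical). Without an argument, the constructed sample is evaluated.
if (typeof require !== 'undefined' && require.main === module) {
  const path = process.argv[2];
  const report = path ? JSON.parse(require('fs').readFileSync(path, 'utf8')) : SAMPLE_REPORT;
  const threshold = process.env.AUDIT_THRESHOLD || 'high';
  const findings = findBlockingVulnerabilities(report, threshold);
  for (const f of findings) console.log(formatFinding(f));
  console.log(`${findings.length} finding(s) at or above ${threshold}`);
  if (path) process.exitCode = gateExitCode(report, threshold);
}
```

Gating on the parsed report rather than on `npm audit`'s own exit status lets the threshold differ per pipeline (fail on high in CI, report moderate on a scheduled run) and preserves the direct-versus-transitive distinction, which is what tells a reviewer whether `npm audit fix` resolved the finding or a parent package had to be bumped.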
@0xAxiom 0xAxiom requested a review from MeltedMindz as a code owner March 18, 2026 18:10
0xAxiom added 2 commits March 18, 2026 12:23
- Remove base-whale-watch from git submodules tracking
- Add directory as regular files to fix CI submodule errors
- Resolves submodule path not found error in .gitmodules
- Add .gitkeep to maintain directory structure
- Complete submodule cleanup for CI stability