Skip to content

Update GUI dependencies#549

Merged
tgreenx merged 1 commit into
zonemaster:developfrom
tgreenx:audit-fix
Jun 17, 2026
Merged

Update GUI dependencies#549
tgreenx merged 1 commit into
zonemaster:developfrom
tgreenx:audit-fix

Conversation

@tgreenx

@tgreenx tgreenx commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Purpose

This PR proposes to update GUI dependencies with non-breaking changes.

Context

v2026.1 release testing

Running npm audit on current develop branch shows: 19 vulnerabilities (2 low, 6 moderate, 11 high)
After updating non-breaking changes with npm audit fix (this PR), it now shows: 7 vulnerabilities (1 moderate, 6 high)

Note that attempting to update breaking changes with npm audit fix --force will break most unit tests, so this is not done in this PR. For reference, the following packages in package.json are updated when doing so:

@astrojs/node:                   9.5.1  --> 10.1.4
@astrojs/svelte:                 7.2.2  --> 8.1.2
astro:                           5.16.4 --> 6.4.7
@sveltejs/vite-plugin-svelte:    6.2.1  --> 7.1.2
vite:                            7.2.7  --> 8.0.16

Changes

  • package-lock.json

How to test this PR

Tests should pass.

@tgreenx tgreenx added this to the v2026.1 milestone Jun 17, 2026
@tgreenx tgreenx added V-Patch Versioning: The change gives an update of patch in version. RC-None Release category: Not to be included in Changes file. labels Jun 17, 2026

@matsduf matsduf left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think package.json should be updated too.

@tgreenx

tgreenx commented Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

I think package.json should be updated too.

This contains the direct dependencies yes, but none of them have non-breaking updates apparently (see my comment in the Context section of the PR's description). package-lock.json contains transitive dependencies, and many of those can be updated with non-breaking updates that still resolve several security issues.

@tgreenx

tgreenx commented Jun 17, 2026

Copy link
Copy Markdown
Contributor Author

@tbleckert Hi, could you have a look at this PR? Do you think we should take care of breaking change updates now such as e.g. Astro version (5.16.4 to 6.4.7)? Thanks!

@matsduf matsduf dismissed their stale review June 17, 2026 12:25

Missunderstood.

@tgreenx tgreenx merged commit b604cb2 into zonemaster:develop Jun 17, 2026
1 check passed
@tgreenx tgreenx added RC-Fixes Release category: Fixes. and removed RC-None Release category: Not to be included in Changes file. labels Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

RC-Fixes Release category: Fixes. V-Patch Versioning: The change gives an update of patch in version.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants