openapix

chore(deps): Upgrading semver for vulnerability fix

Open arstulke opened this issue 3 months ago • 1 comments

Fixes #67.

  • I didn't upgrade projen and CDK because of breaking changes in JSII.
  • This project still depends on vulnerable versions of aws-cdk-lib, brace-expansion, semver and yaml but only in dev or peer dependencies.
  • Hopefully the JS package doesn't depend on vulnerable versions (I could only test via local install of the .tar.gz file). Can you build and deploy a beta version for this branch, so I can verify using npm audit?
  • I created multiple small commits to make them easier to follow. If the changes are approved, I can also squash the commits for a clearer history, if you want to.

arstulke, Sep 26 '25 13:09

Can someone build and deploy a beta version for this PR, so I can verify the change using npm audit?

arstulke-btc, Oct 20 '25 09:10