Commit 86485ab

piti6 and claude committed
fix: upgrade npm dependencies to address security vulnerabilities
- grunt 1.1.0 -> 1.6.1 (fixes critical: arbitrary code execution, path traversal)
- grunt-cli 1.2.0 -> 1.5.0 (fixes moderate CVE)
- grunt-contrib-clean 2.0.0 -> 2.0.1
- js-yaml 3.13.1 -> 4.1.1 (fixes prototype pollution, safeLoad -> load)
- Pin all versions for stability (remove ^ ranges)
- Add overrides for transitive deps: minimatch, brace-expansion, ansi-regex
- Reduces vulnerabilities from 22 to 4 (remaining are unfixable lodash in grunt)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 19afaeb commit 86485ab

3 files changed

Lines changed: 1155 additions & 1850 deletions

Gruntfile.js

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ const reviewTextMaker = `${reviewPrefix}rake text ${reviewPostfix}`;
1717
const reviewIDGXMLMaker = `${reviewPrefix}rake idgxml ${reviewPostfix}`;
1818
const reviewVivliostyle = `${reviewPrefix}rake vivliostyle ${reviewPostfix}`;
1919

20-
const bookConfig = yaml.safeLoad(fs.readFileSync(`${articles}/${reviewConfig}`, "utf8"));
20+
const bookConfig = yaml.load(fs.readFileSync(`${articles}/${reviewConfig}`, "utf8"));
2121

2222
module.exports = grunt => {
2323
grunt.initConfig({
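
Review bot: On the changed line 20, `yaml.load` is a safe replacement for `yaml.safeLoad` only when js-yaml 4.x is what actually gets installed, and nothing in this file records that dependency. In 4.x `safeLoad` was removed and `load` parses with the safe default schema; under 3.x the same `yaml.load(...)` call uses the full schema, including the JavaScript-specific tags. Since the commit message describes a pinned move to 4.1.1, please confirm that package.json and the lockfile resolve to a single 4.x copy of js-yaml for this Gruntfile, and add a one-line comment above `const bookConfig = yaml.load(...)` stating that it relies on js-yaml >= 4 so a later downgrade or a hoisted 3.x copy does not silently change how `${articles}/${reviewConfig}` is parsed.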
