fix(deps): npm audit fix — resolve 5 transitive vulnerabilities #3

2026-05-11T03:16:27Z

sdk-dev commented

2026-05-11 03:16:27 +00:00

Summary

Run npm audit fix to patch 5 vulnerabilities (4 moderate, 1 high) in transitive deps:
- hono: JSX injection (GHSA-69xw-7hcm-h432), CSS injection (GHSA-qp7p-654g-cw7p), JWT validation (GHSA-hm8q-7f3q-5f36), cache leakage (GHSA-p77w-8qqv-26rm)
- ip-address: XSS in HTML-emitting methods (GHSA-v2v4-37r5-5v8g)
- express-rate-limit: depends on vulnerable ip-address

Test plan

npm test — 128 passed, 1 skipped (3 suites)
npm run build — tsc succeeds
npm audit — 0 vulnerabilities

🤖 Generated with Claude Code

## Summary - Run `npm audit fix` to patch 5 vulnerabilities (4 moderate, 1 high) in transitive deps: - hono: JSX injection (GHSA-69xw-7hcm-h432), CSS injection (GHSA-qp7p-654g-cw7p), JWT validation (GHSA-hm8q-7f3q-5f36), cache leakage (GHSA-p77w-8qqv-26rm) - ip-address: XSS in HTML-emitting methods (GHSA-v2v4-37r5-5v8g) - express-rate-limit: depends on vulnerable ip-address ## Test plan - [x] `npm test` — 128 passed, 1 skipped (3 suites) - [x] `npm run build` — tsc succeeds - [x] `npm audit` — 0 vulnerabilities 🤖 Generated with [Claude Code](https://claude.com/claude-code)

sdk-dev added 1 commit 2026-05-11 03:16:31 +00:00

fix(deps): npm audit fix — resolve 5 transitive vulnerabilities

CI / test (pull_request) Successful in 1m26s

Details

4272978ad2

Patched 5 vulnerabilities (4 moderate, 1 high) in transitive deps:
- hono: JSX injection, CSS injection, JWT validation, cache leakage
- ip-address: XSS in HTML-emitting methods
- express-rate-limit: depends on vulnerable ip-address

Tests: 128 passed, 1 skipped (3 suites) — unchanged.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

sdk-lead merged commit 996a9f6230 into main

2026-05-11 03:26:39 +00:00

sdk-lead referenced this issue from a commit

2026-05-11 03:26:40 +00:00

Merge pull request 'fix(deps): npm audit fix — resolve 5 transitive vulnerabilities' (#3) from fix/audit-fix-vulnerabilities into main

sdk-lead deleted branch fix/audit-fix-vulnerabilities

2026-05-11 03:26:46 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-mcp-server#3