Skip to content

chore(deps): sweep dependencies + fix postcss XSS advisory#866

Merged
EmersonBraun merged 1 commit into
mainfrom
chore/deps-sweep-2026-05-14
May 19, 2026
Merged

chore(deps): sweep dependencies + fix postcss XSS advisory#866
EmersonBraun merged 1 commit into
mainfrom
chore/deps-sweep-2026-05-14

Conversation

@EmersonBraun
Copy link
Copy Markdown
Collaborator

@EmersonBraun EmersonBraun commented May 19, 2026

Summary

  • Bump third-party deps (and dev deps) to latest across all packages via pnpm up -r --latest
  • Fix moderate PostCSS XSS advisory GHSA-qx2v-qp2m-jg93 reaching the tree transitively through next > postcss — added pnpm override postcss: ">=8.5.15". pnpm audit now reports No known vulnerabilities found
  • Hold packages/ink on marked@^15: marked@18 breaks the marked-terminal@7.3.0 peer (marked >=1 <16) and no compatible marked-terminal major exists yet

Bumped: fumadocs-ui/mdx/core, postcss, @types/node, motion, svelte, @cloudflare/workers-types, braintrust, solid-js, tsx.

No public API changes — changeset records a patch bump across 21 packages.

Test plan

  • pnpm build — exit 0
  • pnpm test — all pass
  • turbo run lint — 49/49 successful
  • pnpm audit — clean

@vercel
Copy link
Copy Markdown

vercel Bot commented May 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agentskit-doc Ready Ready Preview, Comment May 19, 2026 4:58pm

@EmersonBraun
chore(deps): sweep dependencies + fix postcss XSS advisory
325cb82 
Bump third-party deps to latest across all packages. Add pnpm override
postcss>=8.5.15 to remediate GHSA-qx2v-qp2m-jg93 (transitive via
next>postcss); pnpm audit now clean. Keep marked at ^15 — marked@18
breaks marked-terminal@7.3.0 peer (marked >=1 <16).

Verified: pnpm build, pnpm test, turbo run lint all green.
@EmersonBraun EmersonBraun force-pushed the chore/deps-sweep-2026-05-14 branch from da34e7e to 325cb82 Compare May 19, 2026 16:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 19, 2026

Lighthouse

URL Performance Accessibility Best practices SEO
https://agentskit-pxcdcpgqt-noxcodes-projects-e133741c.vercel.app/?x-vercel-protection-bypass=&x-vercel-set-bypass-cookie=true 50 91 100 69
https://agentskit-pxcdcpgqt-noxcodes-projects-e133741c.vercel.app/docs?x-vercel-protection-bypass=&x-vercel-set-bypass-cookie=true 83 100 100 66
https://agentskit-pxcdcpgqt-noxcodes-projects-e133741c.vercel.app/docs/get-started/getting-started/quickstart?x-vercel-protection-bypass=&x-vercel-set-bypass-cookie=true 71 96 100 66
https://agentskit-pxcdcpgqt-noxcodes-projects-e133741c.vercel.app/stack?x-vercel-protection-bypass=&x-vercel-set-bypass-cookie=true 65 91 100 66
https://agentskit-pxcdcpgqt-noxcodes-projects-e133741c.vercel.app/showcase?x-vercel-protection-bypass=&x-vercel-set-bypass-cookie=true 65 89 96 66

Run by .github/workflows/lighthouse.yml.

@EmersonBraun EmersonBraun merged commit 419acbd into main May 19, 2026
14 checks passed
@EmersonBraun EmersonBraun deleted the chore/deps-sweep-2026-05-14 branch May 19, 2026 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EmersonBraun