🛡️ Security: Fix outdated dependencies#5
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates several dependencies in the package-lock.json file, including upgrading astro to version 6.4.8, esbuild to 0.28.1, and vite to 7.3.5. The review feedback highlights that duplicate versions of @astrojs/markdown-remark and @astrojs/prism have been introduced in the lockfile, and recommends running npm dedupe or npm update to consolidate these dependencies and keep the lockfile clean.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "node_modules/astro/node_modules/@astrojs/markdown-remark": { | ||
| "version": "7.2.0", | ||
| "resolved": "https://registry.npmjs.org/@astrojs/markdown-remark/-/markdown-remark-7.2.0.tgz", |
There was a problem hiding this comment.
There are duplicate versions of @astrojs/markdown-remark and @astrojs/prism introduced in the lockfile. Currently, the top level has @astrojs/markdown-remark at 7.1.1 and @astrojs/prism at 4.0.1, while astro has nested duplicates at 7.2.0 and 4.0.2 respectively. Since @astrojs/starlight depends on @astrojs/markdown-remark: ^7.1.1, both can be resolved to the latest 7.2.0 version at the top level. Running npm dedupe or npm update will consolidate these dependencies, eliminating the duplicate nested packages and keeping the lockfile clean.
1 participant
I've updated dependencies to fix known vulnerabilities found by
npm audit. 📦✨