dotenv-vscode icon indicating copy to clipboard operation
dotenv-vscode copied to clipboard
verified publisher icon dotenv-org

Update npm dependencies to fix security vulnerabilities

Open pete-the-pete opened this issue 2 months ago • 0 comments

Description

Update package-lock.json to address npm audit security vulnerabilities and update transitive dependencies to their latest patched versions.

Changes

  • Remove unused @ungap/promise-all-settled dependency
  • Update vulnerable dependencies to patched versions:
    • ansi-colors 4.1.1 → 4.1.3
    • brace-expansion 1.1.11 → 1.1.12
    • braces 3.0.2 → 3.0.3
    • cross-spawn 7.0.3 → 7.0.6
    • debug 4.3.4 → 4.4.3
    • diff 5.0.0 → 5.2.0
  • Add proper license field metadata to dependencies
  • Update supporting library dependencies for compatibility

Impact

  • Addresses npm audit security warnings
  • Improves supply chain security by updating to patched versions
  • No breaking changes to extension functionality

pete-the-pete avatar Jan 10 '26 01:01 pete-the-pete