Skip to content

fix(deps): bump jsonld 8→9 to clear the undici high advisory#8

Merged
bdelanghe merged 1 commit into
mainfrom
conformance/fix-undici-advisory
Jun 29, 2026
Merged

fix(deps): bump jsonld 8→9 to clear the undici high advisory#8
bdelanghe merged 1 commit into
mainfrom
conformance/fix-undici-advisory

Conversation

@bdelanghe

@bdelanghe bdelanghe commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Dogfooding: the kit's own vuln gate (#7) flagged a high advisory in the kit's production deps — undici (unbounded decompression chain in HTTP responses), pulled transitively via jsonld@8. Fix is jsonld@9 (semver-major).

Verification

  • SHACL gate (the kit's only jsonld consumer) still conformsnode test/run.mjs14 passed, 0 failed.
  • The vuln gate over the kit now reports 0 known critical/high in production deps (was 1 high).
  • Remaining: 1 low in the dev tree (not gating).

🤖 Generated with Claude Code

@bdelanghe @claude
fix(deps): bump jsonld 8→9 to clear the undici high advisory (dogfood…
ed29779 
… the vuln gate)

The kit's own vuln gate (#7) flagged 1 high advisory in production deps: undici's
unbounded-decompression-chain (pulled transitively via jsonld@8). The fix is
jsonld@9 (semver-major). Verified the SHACL gate — the kit's only jsonld consumer —
still conforms (test/run.mjs: 14 passed, 0 failed), and the vuln gate over the kit
now reports 0 known critical/high in production deps.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@bdelanghe bdelanghe merged commit d88b230 into main Jun 29, 2026
1 check passed
@bdelanghe bdelanghe deleted the conformance/fix-undici-advisory branch June 29, 2026 00:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bdelanghe