
fix(deps): bump jsonld 8→9 to clear the undici high advisory #8

Merged
bdelanghe merged 1 commit into main from conformance/fix-undici-advisory
Jun 29, 2026

@bdelanghe

Contributor

Dogfooding: the kit's own vuln gate (#7) flagged a high advisory in the kit's production deps — undici (unbounded decompression chain in HTTP responses), pulled transitively via jsonld@8. Fix is jsonld@9 (semver-major).

Verification

  • SHACL gate (the kit's only jsonld consumer) still conforms (node test/run.mjs: 14 passed, 0 failed).
  • The vuln gate over the kit now reports 0 known critical/high in production deps (was 1 high).
  • Remaining: 1 low in the dev tree (not gating).

🤖 Generated with Claude Code

… the vuln gate)

The kit's own vuln gate (#7) flagged 1 high advisory in production deps: undici's
unbounded-decompression-chain (pulled transitively via jsonld@8). The fix is
jsonld@9 (semver-major). Verified the SHACL gate — the kit's only jsonld consumer —
still conforms (test/run.mjs: 14 passed, 0 failed), and the vuln gate over the kit
now reports 0 known critical/high in production deps.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@bdelanghe bdelanghe merged commit d88b230 into main Jun 29, 2026
1 check passed
@bdelanghe bdelanghe deleted the conformance/fix-undici-advisory branch June 29, 2026 00:56