Skip to content

fix: resolve dependency vulnerabilities in 3 demo apps#133

Open
memosr wants to merge 2 commits into
base:masterfrom
memosr:fix/dependency-vulnerabilities
Open

fix: resolve dependency vulnerabilities in 3 demo apps#133
memosr wants to merge 2 commits into
base:masterfrom
memosr:fix/dependency-vulnerabilities

Conversation

@memosr

@memosr memosr commented Jul 4, 2026

Copy link
Copy Markdown

Runs npm audit fix (no --force, no code changes) across three affected apps:

  • agents/trading-agent: handlebars, picomatch, esbuild patched (3 to 1 low)
  • base-account/agent-spend-permissions: axios, viem, ws, next, cdp-sdk updated (27 to 2 moderate)
  • apps/demo_notif_app: axios, viem, ws, cdp-sdk updated (11 to 2)

Only package-lock.json changed in each app, no application code or package.json touched. Builds verified clean for all three.

Not included: paymaster/hangman-onchain (51 vulnerabilities), the only fix path requires bumping @coinbase/onchainkit to a version needing React 19, a breaking change out of scope here. Happy to open a separate PR for that if useful.

memosr added 2 commits July 4, 2026 09:51
- agents/trading-agent: handlebars, picomatch, esbuild patched (3→1 low)
- agent-spend-permissions: axios, viem, ws, next, cdp-sdk updated (27→2 moderate)
- apps/demo_notif_app: axios, viem, ws, cdp-sdk updated (11→2)

No code or package.json changes; lockfile-only updates. Builds verified clean.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant