Fix: Update dependencies and resolve Ajv import issues #232

Open
0xAxiom wants to merge 4 commits into main from fix/update-dependencies-2025-03-29

@0xAxiom (Owner) commented Mar 29, 2026

What

This PR updates several outdated dependencies and fixes TypeScript errors related to Ajv imports.

Dependencies Updated

  • Testing & Build Tools:

    • @vitest/coverage-v8: 4.0.18 → 4.1.2
    • vitest: 4.0.18 → 4.1.2
    • typescript-eslint: 8.55.0 → 8.57.2
    • lint-staged: 16.2.7 → 16.4.0
  • Linting:

    • @eslint/js: 9.39.2 → 9.39.4
  • Type Definitions:

    • @types/node updated across CLI, core, and dapp-factory packages
  • CLI Dependencies:

    • inquirer, ora, and dotenv updated to latest versions

Bug Fixes

  • Removed deprecated .default import from Ajv constructor in CLI/src/core/stages.ts
  • Removed non-existent strict option from Ajv configuration

Testing

  • All 252 tests passing ✅
  • TypeScript compilation successful ✅
  • ESLint checks passing ✅
  • No security vulnerabilities detected ✅

Why

Keeping dependencies up-to-date ensures:

  • Security vulnerability patches
  • Bug fixes and performance improvements
  • Compatibility with latest tooling
  • Better developer experience

0xAxiom added 3 commits March 28, 2026 11:12
- Replace logical OR (||) with nullish coalescing (??) for safer error handling
- Updated error message fallbacks in build, dream, run, and resume commands
- Updated buildPath fallbacks to use nullish coalescing
- Reduces eslint warnings and follows modern TypeScript best practices

This change makes the code more resilient by only falling back to default
values when the property is null or undefined, not when it's an empty string
or other falsy values.

- Fix handlebars critical vulnerabilities (JavaScript injection, DoS)
- Fix flatted high severity vulnerabilities (DoS, prototype pollution)
- Fix picomatch high severity vulnerabilities (ReDoS, glob matching)
- Fix brace-expansion and yaml moderate severity vulnerabilities
- All fixes applied via npm audit fix with dependency updates
- Zero vulnerabilities remaining across all packages

- Update @vitest/coverage-v8 from 4.0.18 to 4.1.2
- Update vitest from 4.0.18 to 4.1.2
- Update typescript-eslint from 8.55.0 to 8.57.2
- Update lint-staged from 16.2.7 to 16.4.0
- Update @eslint/js from 9.39.2 to 9.39.4
- Update @types/node across CLI, core, and dapp-factory packages
- Update inquirer, ora, and dotenv in CLI package

Fixes:
- Remove deprecated .default import from Ajv constructor
- Remove non-existent strict option from Ajv configuration

All tests passing. No security vulnerabilities detected.
@0xAxiom 0xAxiom requested a review from MeltedMindz as a code owner March 29, 2026 18:11
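
The fallback behaviour described in the first commit message, as an added example that is not code from this pull request; the function names, `DEFAULT_MESSAGE`, `DEFAULT_BUILD_PATH` and the sample inputs are assumptions. It also shows that `??` lets an empty `buildPath` through, so a blank value needs its own check before it is used as a path.

```javascript
// Added illustration; every name and value here is hypothetical,
// not taken from the repository.
const DEFAULT_MESSAGE = 'Unknown error';
const DEFAULT_BUILD_PATH = './builds/latest'; // constructed sample value

// Before: || falls back on ANY falsy value ('', 0, false, NaN, null, undefined).
function messageWithOr(err) {
  return err?.message || DEFAULT_MESSAGE;
}

// After: ?? falls back only when the value is null or undefined.
function messageWithNullish(err) {
  return err?.message ?? DEFAULT_MESSAGE;
}

function buildPathWithOr(opts) {
  return opts.buildPath || DEFAULT_BUILD_PATH;
}

function buildPathWithNullish(opts) {
  return opts.buildPath ?? DEFAULT_BUILD_PATH;
}

// With ??, an explicitly empty buildPath is no longer replaced by the default.
// Code that goes on to read or write under that path should reject blank
// values itself instead of relying on the fallback to hide them.
function resolveBuildPath(opts) {
  const candidate = opts.buildPath ?? DEFAULT_BUILD_PATH;
  if (typeof candidate !== 'string' || candidate.trim() === '') {
    throw new TypeError('buildPath must be a non-empty string');
  }
  return candidate;
}

// Side-by-side results for constructed inputs.
function compareFallbacks() {
  const inputs = [{}, { buildPath: null }, { buildPath: '' }, { buildPath: './out' }];
  return inputs.map((opts) => ({
    input: JSON.stringify(opts),
    withOr: buildPathWithOr(opts),
    withNullish: buildPathWithNullish(opts),
  }));
}

console.table(compareFallbacks());
```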