Skip to content

Fix npm audit issue #1172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
peterj merged 9 commits into from
Dec 15, 2025
Merged

Fix npm audit issue #1172

peterj merged 9 commits into from
Dec 15, 2025
+9 −9

Conversation

@Charlesthebird
Copy link
Contributor

@Charlesthebird Charlesthebird commented Dec 12, 2025

@Charlesthebird
fixed npm audit issues
ccc8c03 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird
build fix
dfe047b 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird
removed --turbopack from Dockerfile because of an incompatibility wit…
87ed428 
…h the new Next.js version.

Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird
updated package.json (npm audit issues already fixed)
7142f7f 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird
Merge branch 'kagent-dev:main' into charlesthebird/fixNpmAuditIssues
6c651e4
@Charlesthebird
npm i
e345838 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird
Merge branch 'main' of github.com:Charlesthebird/kagent into charlest…
68126c6 
…hebird/fixNpmAuditIssues
@Charlesthebird
fixed issue
9cb7280 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird Charlesthebird changed the title Fix npm audit issues Fix npm audit issue Dec 12, 2025
@Charlesthebird
bump
3101ade 
Signed-off-by: Nicholas Bucher <behappy54321@gmail.com>
@Charlesthebird Charlesthebird marked this pull request as ready for review December 15, 2025 14:40
Copilot AI review requested due to automatic review settings December 15, 2025 14:40
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@peterj peterj merged commit 72c42ec into kagent-dev:main Dec 15, 2025
23 checks passed
@reneleonhardt
Copy link

reneleonhardt commented Jan 8, 2026

Glad that security fixes have been released!

Does "Fix npm audit issue" mean that npm audit wasn't working correctly?

I can only find that images are being scanned once per week, wouldn't a daily npm audit help to reduce the response time (like in this case 4 weeks)?
https://github.com/kagent-dev/kagent/blob/main/.github/workflows/image-scan.yaml#L6

And the fix implemented here (bumping dependencies) could be created by Dependabot automatically instead of waiting for contributors:
https://docs.github.com/en/code-security/dependabot/dependabot-security-updates

In addition, Dependabot could automatically update the outdated GitHub Actions and maybe even the Dockerfiles (although Renovatebot offers much better options).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@peterj peterj peterj approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Charlesthebird @reneleonhardt @peterj