Skip to content

Fix critical npm alerts#58

Open
lancewillett wants to merge 1 commit into
trunkfrom
fix/dependabot-critical-alerts
Open

Fix critical npm alerts#58
lancewillett wants to merge 1 commit into
trunkfrom
fix/dependabot-critical-alerts

Conversation

@lancewillett
Copy link
Copy Markdown

@lancewillett lancewillett commented May 31, 2026

Summary

  • Add npm overrides for basic-ftp and form-data in plugins/static-files-editor.
  • Add an npm override for sha.js in examples/create-wp-site.
  • Regenerate the affected lockfiles.

Testing

  • npm ci --ignore-scripts in plugins/static-files-editor
  • npm audit --audit-level=critical --json | jq ' .metadata.vulnerabilities ' in plugins/static-files-editor\n- npm ls basic-ftp form-data --all in plugins/static-files-editor\n- npm run build in plugins/static-files-editor\n- npx wp-scripts test-unit-js --runInBand --testMatch '**/*.spec.ts' in plugins/static-files-editor\n- npm ci --ignore-scripts in examples/create-wp-site\n- npm audit --audit-level=critical --json | jq ' .metadata.vulnerabilities ' in examples/create-wp-site\n- npm ls sha.js --all in examples/create-wp-site\n- node --check index.js in examples/create-wp-site\n- git diff --check

@lancewillett lancewillett requested a review from adamziel May 31, 2026 00:03
@lancewillett lancewillett self-assigned this May 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamziel adamziel Awaiting requested review from adamziel

Assignees

@lancewillett lancewillett

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lancewillett