Skip to content

Addressing dependabot issues#42

Merged
pofallon merged 1 commit into
masterfrom
copilot/address-dependabot-issues
May 25, 2026
Merged

Addressing dependabot issues#42
pofallon merged 1 commit into
masterfrom
copilot/address-dependabot-issues

Conversation

Copilot AI commented May 25, 2026

Copy link
Copy Markdown
Contributor

Pull request created by AI Agent

@pofallon
fix: address dependabot security vulnerabilities
a3acf99 
- Upgrade next-mdx-remote from ^5.0.0 to ^6.0.0 (fixes GHSA-g4xw-jxrg-5f6m:
  arbitrary code execution in RSC rendering of untrusted MDX content)
- Remove dead serialize/compiledContent code from blog-post-loader.ts and
  blog-post-types.ts that was incompatible with next-mdx-remote v6
- Add postcss overrides (>=8.5.10) to fix GHSA-qx2v-qp2m-jg93 at the
  top-level; update postcss devDependency to ^8.5.10
- Run npm install to update package-lock.json (reduces from 10 to 2
  moderate vulnerabilities; remaining 2 are in next.js bundled postcss,
  an upstream issue with no stable fix yet)

Agent-Logs-Url: https://github.com/get2knowio/site/sessions/7b31aa42-bdde-481c-89b0-89bb5dd6d58a

Co-authored-by: pofallon <505519+pofallon@users.noreply.github.com>
@pofallon pofallon marked this pull request as ready for review May 25, 2026 22:42
@pofallon pofallon merged commit 103c07b into master May 25, 2026
1 check failed
@pofallon pofallon deleted the copilot/address-dependabot-issues branch May 25, 2026 22:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pofallon pofallon

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pofallon