deps: bump toolchain to latest + patch transitive form-data/hono advisories #7
Merged
- @anthropic-ai/claude-code 2.1.177 -> 2.1.183
- @agentclientprotocol/claude-agent-acp 0.44.0 -> 0.48.0
- @colbymchenry/codegraph 1.0.0 -> 1.0.1
- pnpm 11.6.0 -> 11.8.0

Regenerated tools/package-lock.json inside node:22 (npm ci verified; all 12 top-level pins remain exact). codegraph 1.0.1 keeps both linux-x64 and linux-arm64 prebuilt optionalDeps (multi-arch parity preserved). claude-agent-acp bin is unchanged (claude-agent-acp), so the CLAUDE_CODE_EXECUTABLE pinning stays intact; its transitive claude-agent-sdk moved 0.3.170 -> 0.3.183 (bundled, unused binary - image size only). No regressions to permission modes or the settings.json keys (advisorModel, tui, statusLine, autoUpdates) across the documented 2.1.x releases (178/179/181/183) between the old and new pins. RTK (v0.42.4), git-delta (0.19.2) and caveman (v1.9.0) are already at their latest releases - no Dockerfile change. Synced version strings in README.md and CLAUDE.md, and documented running npm audit after a lockfile regen.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

npm audit fix --package-lock-only (no top-level pin drift):

- form-data 4.0.5 -> 4.0.6 (GHSA-hmw2-7cc7-3qxx: CRLF injection)
- hono 4.12.23 -> 4.12.26 (path traversal / CORS / body-limit advisories)

Reduces npm audit from 4 -> 2 high-severity. The remaining two are in @modelcontextprotocol/sdk (<=1.25.1), pulled in transitively by perplexity-mcp 0.2.3 (the latest release, which pins the old SDK) - upstream marks both "no fix available". Documented in SECURITY.md as a deliberately accepted residual: perplexity-mcp runs as a stdio server here, so the DNS-rebinding vector (GHSA-w48q-cv73-mx4w) is not reachable; closing it fully would require dropping perplexity-mcp or an npm overrides pin (user-decided follow-up, may break its SDK API usage).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Summary
Routine dependency refresh for the container toolchain. Two separable commits:

- chore(deps) — bump the pinned npm CLIs to their latest releases.
- fix(deps) — patch two transitive high-severity advisories (npm audit fix, no top-level pin drift). This commit is independent and can be dropped if you prefer the bumps alone.

Version bumps (tools/package.json + regenerated tools/package-lock.json)

- @anthropic-ai/claude-code
- @agentclientprotocol/claude-agent-acp
- @colbymchenry/codegraph
- pnpm

Already at latest — no change: @fission-ai/openspec (1.4.1), caveman-shrink (0.1.0), @modelcontextprotocol/server-sequential-thinking (2025.12.18), perplexity-mcp (0.2.3), typescript (6.0.3), ts-node (10.9.2), prettier (3.8.4), eslint (10.5.0); and the GitHub-release / build-arg deps rtk (v0.42.4), git-delta (0.19.2), caveman (v1.9.0). The Dockerfile is therefore untouched.

Compatibility verification

- -linux-x64 and -linux-arm64 prebuilt optionalDependencies (registry-confirmed) — multi-arch parity preserved, so the CI arm64 leg is covered.
- bin (npm-shim.js) unchanged.
- bin (claude-agent-acp), so the CLAUDE_CODE_EXECUTABLE pinning and run_acp.sh are unaffected. Its bundled (unused) @anthropic-ai/claude-agent-sdk moved 0.3.170 → 0.3.183 (image-size only, not executed at runtime).
- settings.json keys this image relies on (advisorModel, tui, statusLine, autoUpdates) or to permission-mode handling. Two relevant fixes land for free: the startup "setup issues" line moved to /doctor, and fullscreen statusline-corruption was fixed.
- >=22.13; the base node:22-trixie-slim ships v22.22.3 — satisfied.

Transitive security patch (fix(deps) commit)

npm audit fix --package-lock-only cleanly resolves two pre-existing advisories with no top-level pin drift (4 → 2 high-severity):

- form-data 4.0.5 → 4.0.6 (GHSA-hmw2-7cc7-3qxx, CRLF injection)
- hono 4.12.23 → 4.12.26 (path-traversal / CORS / body-limit advisories)

Remaining 2 high (accepted residual, documented in SECURITY.md): @modelcontextprotocol/sdk (≤1.25.1), pulled in transitively by perplexity-mcp@0.2.3 (latest, pins the old SDK) — upstream "no fix available". perplexity-mcp runs as a stdio server here, so the DNS-rebinding vector (GHSA-w48q-cv73-mx4w) is not reachable; closing it fully would mean dropping perplexity-mcp or an npm overrides pin (a follow-up that may break its SDK API usage).

Validation

- npm ci from the regenerated lockfile installs cleanly; all 12 top-level pins resolve to the exact pinned versions.
- docker build). The arm64 leg is not exercised locally — it is covered by the registry optionalDeps parity check above and by CI's multi-arch build.

Docs

README.md and CLAUDE.md version strings synced; CLAUDE.md now documents running npm audit after a lockfile regen; SECURITY.md documents the accepted transitive residual.
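
One way to enforce the accepted-residual decision described above in CI, as an added example (not code from this PR or repository): it filters an `npm audit --json` report against an allowlist of GHSA ids and returns anything else at high severity or above. The function names, the sample reports and the `ACCEPTED` constant are assumptions made for illustration; the only advisory ids used are the two named on this page.

```javascript
// Assumed input: `npm audit --json` from npm 7+ (auditReportVersion 2), where
// each vulnerabilities[pkg].via entry is a package name or an advisory object.
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Extract the GHSA id from an advisory URL; null when there is none.
function ghsaOf(url) {
  const m = /GHSA(-[0-9a-z]{4}){3}/i.exec(url || "");
  return m ? m[0] : null;
}

// Advisories at or above minSeverity whose GHSA id is not in `accepted`.
function unacceptedAdvisories(report, accepted, minSeverity = "high") {
  const allow = new Set(accepted.map((id) => id.toLowerCase()));
  const seen = new Set();
  const out = [];
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (typeof via === "string") continue; // pointer to another entry
      // Unknown or missing severity is treated as critical (fail closed).
      if ((RANK[via.severity] ?? RANK.critical) < RANK[minSeverity]) continue;
      const id = ghsaOf(via.url);
      const key = `${pkg}|${id || via.url}`;
      if (seen.has(key)) continue; // same advisory listed twice
      seen.add(key);
      // An advisory without a GHSA id can never match the allowlist.
      if (id && allow.has(id.toLowerCase())) continue;
      out.push({ pkg, id, severity: via.severity });
    }
  }
  return out;
}

// Constructed reports for illustration (not real audit output).
const adv = (id) => ({ severity: "high", url: `https://github.com/advisories/${id}` });
const SDK = "@modelcontextprotocol/sdk";
const afterFix = { auditReportVersion: 2, vulnerabilities: {
  [SDK]: { via: [adv("GHSA-w48q-cv73-mx4w")] },
  "perplexity-mcp": { via: [SDK] },
} };
const beforeFix = { auditReportVersion: 2, vulnerabilities: {
  ...afterFix.vulnerabilities,
  "form-data": { via: [adv("GHSA-hmw2-7cc7-3qxx")] },
} };
// Accepted residual: the one GHSA id the PR names for the MCP SDK.
const ACCEPTED = ["GHSA-w48q-cv73-mx4w"];

for (const [label, report] of [["before", beforeFix], ["after", afterFix]]) {
  const bad = unacceptedAdvisories(report, ACCEPTED);
  console.log(label, bad.length ? "FAIL" : "ok", JSON.stringify(bad));
}
```

Keying the allowlist on advisory id rather than package name means a new advisory against the same transitive package still fails the check.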