
fix: update @vercel/analytics to resolve Nuxt CVEs #163

Merged
dannyneira merged 2 commits into main from independabot/nuxt-nitro-server-CVE-2026-47200 on Jun 2, 2026

@dannyneira (Member)

Summary

  • Update @vercel/analytics from ^2.0.0 to ^2.0.1.
  • Remove the auto-installed Nuxt peer dependency tree from package-lock.json because @vercel/analytics@2.0.1 marks nuxt as optional.
  • Resolve the transitive @nuxt/nitro-server Dependabot alerts without adding overrides.

Dependabot alerts resolved

Advisories

Verification

  • npx -y npm@10 --prefix /workspace/independabot/docs ci
  • npx -y npm@10 --prefix /workspace/independabot/docs audit --json no longer reports nuxt or @nuxt/nitro-server.
  • npm --prefix /workspace/independabot/docs run typecheck completed with 0 errors.
  • npm --prefix /workspace/independabot/docs run build completed successfully.

Conversation: https://staging.warp.dev/conversation/79e9ea5c-ebe9-48ed-badb-67c5d48cd4d2
Run: https://oz.staging.warp.dev/runs/019e7ec3-80e6-7d0a-9b4a-bc409953b38b
This PR was generated with Oz.

Co-Authored-By: Oz <oz-agent@warp.dev>
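
One way to automate the verification step in the description above, as an added example that is not part of the PR or the repository: it checks a parsed package-lock.json and a parsed `npm audit --json` report for any remaining copy of the two packages. The function names and all sample objects (placeholder versions, the advisory entry) are constructed for illustration.

```javascript
// Added example, not code from the PR. All sample data below is constructed.
const WATCHED = ['nuxt', '@nuxt/nitro-server'];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root key "" -> null.
function nameFromLockPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}
// Every installed copy (hoisted or nested) of a watched package in a
// lockfileVersion 2/3 package-lock.json.
function lockfileHits(lock, watched = WATCHED) {
  return Object.keys(lock.packages || {})
    .filter((path) => watched.includes(nameFromLockPath(path)));
}
// Entries in `npm audit --json` (auditReportVersion 2) that are a watched
// package or are flagged via one. `via` items are names or advisory objects.
function auditHits(report, watched = WATCHED) {
  return Object.values(report.vulnerabilities || {})
    .filter((v) => watched.includes(v.name) || (v.via || [])
      .some((x) => watched.includes(typeof x === 'string' ? x : x.name)))
    .map((v) => v.name);
}
function verify(lock, report, watched = WATCHED) {
  const lockfile = lockfileHits(lock, watched);
  const audit = auditHits(report, watched);
  return { ok: lockfile.length === 0 && audit.length === 0, lockfile, audit };
}

// Constructed "before" state: the peer tree was auto-installed.
const lockBefore = { lockfileVersion: 3, packages: {
  '': { dependencies: { '@vercel/analytics': '^2.0.0' } },
  'node_modules/@vercel/analytics': { version: '2.0.0' },
  'node_modules/nuxt': { version: '0.0.0-sample', peer: true },
  'node_modules/nuxt/node_modules/@nuxt/nitro-server': { version: '0.0.0-sample' },
} };
const auditBefore = { auditReportVersion: 2, vulnerabilities: {
  '@nuxt/nitro-server': { name: '@nuxt/nitro-server',
    via: [{ name: '@nuxt/nitro-server', title: 'constructed advisory' }] },
  nuxt: { name: 'nuxt', via: ['@nuxt/nitro-server'] },
} };
// Constructed "after" state: nuxt is an optional peer and is not installed.
const lockAfter = { lockfileVersion: 3, packages: {
  '': { dependencies: { '@vercel/analytics': '^2.0.1' } },
  'node_modules/@vercel/analytics': { version: '2.0.1',
    peerDependenciesMeta: { nuxt: { optional: true } } },
} };
const auditAfter = { auditReportVersion: 2, vulnerabilities: {} };

console.log(verify(lockBefore, auditBefore), verify(lockAfter, auditAfter));
```

To run it on real data, pass `JSON.parse` of package-lock.json and of the `npm audit --json` output to `verify()` and fail the CI job when `ok` is false.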
@dannyneira dannyneira requested a review from hongyi-chen May 31, 2026 16:08
@cla-bot cla-bot Bot added the cla-signed label May 31, 2026
vercel Bot commented May 31, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Ready | Preview, Comment | Jun 2, 2026 8:47pm |

@dannyneira dannyneira requested a review from hongyi-chen June 1, 2026 20:03
@dannyneira dannyneira marked this pull request as ready for review June 1, 2026 20:03
oz-for-oss Bot (Contributor) commented Jun 1, 2026

@dannyneira

I'm starting a first review of this pull request.

You can view the conversation on Warp.

I completed the review and no human review was requested for this pull request.

Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).

Powered by Oz

oz-for-oss Bot (Contributor) left a comment

Overview

This PR updates @vercel/analytics from ^2.0.0 to ^2.0.1, with the PR description indicating the updated package metadata removes the auto-installed Nuxt peer dependency tree and resolves the transitive Dependabot alerts.

Concerns

  • No actionable correctness or security concerns found in the commentable diff.
  • Review scope note: the attached diff marks package-lock.json as unavailable, so I could not independently inspect the lockfile changes from the provided diff; the only commentable change is package.json.

Verdict

Found: 0 critical, 0 important, 0 suggestions

Approve


…e PR conflicts

Co-Authored-By: Oz <oz-agent@warp.dev>
@dannyneira dannyneira merged commit 273cc90 into main Jun 2, 2026
8 checks passed
@dannyneira dannyneira deleted the independabot/nuxt-nitro-server-CVE-2026-47200 branch June 2, 2026 21:08
wanghaozi pushed a commit to wanghaozi/docs that referenced this pull request Jun 3, 2026