meta: npm audit fix lockfile

[AugustinMauroy]

Description

For strange reason dependabot can't fix security update on our dep so I do it manually.
When I update lockfile it's had also update eslint in sub-dep so I had to fix error

Validation

CI should pass

Related Issues

https://github.com/nodejs/nodejs.org/security/dependabot/68

Check List

• I have read the Contributing Guidelines and made commit messages that follow the guideline.
• I have run npm run format to ensure the code follows the style guide.
• I have run npm run test to check if all tests are passing.
• I have run npx turbo build to check if the website builds without errors.
• I've covered new added functionality with unit tests if necessary.

[Copilot]

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
nodejs-org	✅ Ready (Inspect)	Visit Preview	Mar 25, 2025 10:19am

[github-actions]

Lighthouse Results

URL	Performance	Accessibility	Best Practices	SEO	Report
/en	🟢 100	🟢 100	🟢 100	🟢 91	🔗
/en/about	🟢 100	🟢 100	🟢 100	🟢 91	🔗
/en/about/previous-releases	🟢 99	🟢 100	🟢 100	🟢 92	🔗
/en/download	🟠 86	🟢 100	🟢 100	🟢 91	🔗
/en/blog	🟢 100	🟢 100	🟢 96	🟢 92	🔗

[avivkeller]

For strange reason dependabot can't fix security update on our dep so I do it manually.

https://github.com/nodejs/nodejs.org/actions/runs/14017847496/job/39245822446 says that Dependabot thinks "The lockfile might be out of sync?"

[github-actions]

Unit Test Coverage Report

Title	Lines	Statements	Branches	Functions
@node-core/ui-components		95.83% (161/168)	77.86% (102/131)	88.57% (31/35)
@nodejs/website		84.74% (500/590)	76.03% (165/217)	87.09% (108/124)

Title	Tests	Skipped	Failures	Errors	Time
@node-core/ui-components	24	0 💤	0 ❌	0 🔥	5.142s ⏱️
@nodejs/website	157	0 💤	0 ❌	0 🔥	6.713s ⏱️

[avivkeller]

@AugustinMauroy looks like an ESlint related error occurred. Did you update the entire lock file or just Babel?

[AugustinMauroy]

Did you update the entire lock file or just Babel?

I just do an npm audit fix. but eslint output look legit. So why it's not failing on main ??

https://github.com/nodejs/nodejs.org/actions/runs/14017847496/job/39245822446 says that Dependabot thinks "The lockfile might be out of sync?"

maybe come form monorepo ?

[avivkeller]

I just do an npm audit fix. but eslint output look legit. So why it's not failing on main ??

Looking at the lock file, it looks like the audit updated all the dependencies.

So if we just fix the ESLint error, this should be fine.

[AugustinMauroy]

Looking at the lock file, it looks like the audit updated all the dependencies.

Strange behavior of npm. I pretty sure that I didn't ran npm update

[AugustinMauroy]

fix error + update pr description

[avivkeller]

LGTM, but we should wait a day or two for more reviews just to be sure

[bjohansebas]

lgtm

[avivkeller]

This has enough approvals to land, but I ask that you want until #7401 lands to avoid conflicts (like 8 hours, sorry for the delay). It'd be easier to simply run this command after that PR than to rebase and manually setup and trigger a retest in that PR, especially because this changes a lot of dependencies. I don't want to risk breaking anything.

If you'd rather land this first, that's okay too! I'll rebase and retest that PR, it won't take too much work.