Skip to content

docs: document deno audit --fix (2.8)#3078

Open
lunadogbot wants to merge 1 commit intodenoland:mainfrom
lunadogbot:docs/2.8-audit-fix
Open

docs: document deno audit --fix (2.8)#3078
lunadogbot wants to merge 1 commit intodenoland:mainfrom
lunadogbot:docs/2.8-audit-fix

Conversation

@lunadogbot
Copy link
Copy Markdown

@lunadogbot lunadogbot commented Apr 29, 2026

Summary

Documents the new --fix flag on deno audit shipping in Deno 2.8 (denoland/deno#32909). The flag automatically upgrades vulnerable direct dependencies to a patched semver-compatible version.

  • New "Auto-fixing vulnerabilities" section in runtime/reference/cli/audit.md.
  • Calls out the deliberate skips that keep --fix safe: no major-version bumps, no silent rewrites of >=1 <2 / 1.x / tag / alias specifiers, transitive deps reported rather than auto-fixed.
  • Includes example output.

Test plan

  • deno task serve — page renders, anchor #auto-fixing-vulnerabilities resolves.

@lunadogbot
docs: document deno audit --fix (2.8)
3bb8c8b 
Adds an "Auto-fixing vulnerabilities" section to audit.md describing
the new --fix flag, what it auto-fixes, and the safety rules that keep
it from silently making breaking changes (no major-version bumps, no
rewriting of non-caret specifier styles, transitive deps reported
rather than rewritten).

Refs denoland/deno#32909
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lunadogbot