@codyswann/lisa 2.16.0 → 2.16.1

package/package.json

@@ -79,7 +79,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.16.0",
+  "version": "2.16.1",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/typescript/copy-overwrite/audit.ignore.config.json

@@ -137,6 +137,16 @@
       "id": "GHSA-j759-j44w-7fr8",
       "package": "@xmldom/xmldom",
       "reason": "XML node injection via unvalidated comment serialization. Transitive via expo > @expo/config-plugins > @expo/plist; only serializes developer-authored plist files at build/prebuild time, no runtime code path serializes attacker-controlled XML."
+    },
+    {
+      "id": "GHSA-v39h-62p7-jpjc",
+      "package": "fast-uri",
+      "reason": "Host confusion via percent-encoded authority delimiters in fast-uri parser. Transitive devDep via eslint > @eslint/eslintrc > ajv > fast-uri (also via commitlint, lisa); no production code path passes attacker-controlled URIs through ajv schema validation that relies on fast-uri parsing."
+    },
+    {
+      "id": "GHSA-q3j6-qgpj-74h6",
+      "package": "fast-uri",
+      "reason": "Path traversal via percent-encoded dot segments in fast-uri parser. Transitive devDep via eslint > @eslint/eslintrc > ajv > fast-uri (also via commitlint, lisa); no production code path passes attacker-controlled URIs through ajv schema validation that relies on fast-uri parsing."
     }
   ]
 }

package/typescript/package-lisa/package.lisa.json

@@ -23,12 +23,12 @@
     },
     "resolutions": {
       "@isaacs/brace-expansion": "^5.0.1",
-      "axios": ">=1.15.0",
+      "axios": ">=1.15.2",
       "handlebars": ">=4.7.9"
     },
     "overrides": {
       "@isaacs/brace-expansion": "^5.0.1",
-      "axios": ">=1.15.0",
+      "axios": ">=1.15.2",
       "handlebars": ">=4.7.9"
     }
   },