Commit 7f5f225
authored
fix(deps): resolve open Dependabot security alerts (#59)
Bump react-router/react-router-dom to 7.18.1 and js-yaml to 4.3.0,
clearing all 8 open Dependabot alerts:
- react-router (7 alerts): RCE via turbo-stream deserialization, DoS
in single-fetch and __manifest, XSS in RSC/prerender redirects,
open redirect, CSRF — fixed in <=7.15.1, resolved by 7.18.1
- js-yaml (1 alert): quadratic-complexity DoS in merge key handling —
fixed in 4.2.0, resolved by 4.3.0
Also pulls in non-breaking transitive fixes surfaced by npm audit
(@eslint/plugin-kit, ajv, brace-expansion). npm audit now reports
0 vulnerabilities.
Verified: npm run build, npm run lint, and a browser smoke test
(app loads, router works, 0 console errors) all pass.1 parent fd9fce1 commit 7f5f225
2 files changed
Lines changed: 107 additions & 81 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
| |||
0 commit comments