Skip to content

Commit 45941a7

Browse files
authored
chore(deps): regenerate lockfiles + bump vitest to v4 to clear vulnerabilities (#36)
Resolves the bulk of the 64 open Dependabot alerts surfaced after enabling security updates on this repo. Three manifests were regenerated: solution/MyHANAApp/package-lock.json - npm audit: 6 -> 0 vulnerabilities (axios chain dropped by upstream) solution/MyHANAApp/app/router/package-lock.json - npm audit: 10 -> 2 vulnerabilities - Remaining 2 (axios via @sap/approuter@21) require a major bump to @sap/approuter@22; deferred to a separate validated PR since this could affect xs-app.json / mta.yaml routing. docs/package.json + docs/package-lock.json - vitest devDependency bumped from ^2.1.9 to ^4 (compat verified: all 23 unit tests still pass, docs build still produces clean output) - npm audit: 17 -> 4 vulnerabilities - Remaining 4 are upstream-pending in the vitepress -> vite -> esbuild chain, only reachable via the local dev server (npm run docs:dev), not the production docs build. Will be dismissed in Dependabot with 'tolerable risk - dev server only' until vitepress publishes a fix. No source-code changes; only lockfiles and one devDependency major bump. Co-authored-by: Thomas Jung <12159356+jung-thomas@users.noreply.github.com>
1 parent 418036c commit 45941a7

4 files changed

Lines changed: 1628 additions & 1222 deletions

File tree

0 commit comments

Comments
 (0)