Commit 45941a7
authored
chore(deps): regenerate lockfiles + bump vitest to v4 to clear vulnerabilities (#36)
Resolves the bulk of the 64 open Dependabot alerts surfaced after enabling
security updates on this repo. Three manifests were regenerated:
solution/MyHANAApp/package-lock.json
- npm audit: 6 -> 0 vulnerabilities (axios chain dropped by upstream)
solution/MyHANAApp/app/router/package-lock.json
- npm audit: 10 -> 2 vulnerabilities
- Remaining 2 (axios via @sap/approuter@21) require a major bump to
@sap/approuter@22; deferred to a separate validated PR since this
could affect xs-app.json / mta.yaml routing.
docs/package.json + docs/package-lock.json
- vitest devDependency bumped from ^2.1.9 to ^4 (compat verified: all
23 unit tests still pass, docs build still produces clean output)
- npm audit: 17 -> 4 vulnerabilities
- Remaining 4 are upstream-pending in the vitepress -> vite -> esbuild
chain, only reachable via the local dev server (npm run docs:dev),
not the production docs build. Will be dismissed in Dependabot with
'tolerable risk - dev server only' until vitepress publishes a fix.
No source-code changes; only lockfiles and one devDependency major bump.
Co-authored-by: Thomas Jung <12159356+jung-thomas@users.noreply.github.com>1 parent 418036c commit 45941a7
4 files changed
Lines changed: 1628 additions & 1222 deletions
File tree
- docs
- solution/MyHANAApp
- app/router
0 commit comments