Commit d7b689c
deps: patch Dependabot security alerts in angular & react-native samples (#259)
react-native (login-pkce, token-refresh): re-resolve transitive deps to the
patched versions in range — ws 7.5.10 -> 7.5.11 (GHSA-96hv-2xvq-fx4p, high),
js-yaml 4.1.1 -> 4.2.0 (GHSA-h67p-54hq-rp68, medium).
angular (login-pkce, token-refresh): @angular/build@22.0.1 exact-pins the
vulnerable vite/esbuild/@babel/core and is the latest release, so add
`resolutions` to force the patched versions:
- vite 7.3.2 -> 7.3.5 and 8.0.10 -> 8.0.16 (GHSA-fx2h-pf6j-xcff high,
GHSA-v6wh-96g9-6wx3 medium)
- esbuild 0.27.7/0.28.0 -> 0.28.1 (GHSA-gv7w-rqvm-qjhr high,
GHSA-g7r4-m6w7-qqqr low)
- @babel/core 7.29.0 -> 7.29.6 (GHSA-4x5r-pxfx-6jf8 low)
All are dev/build-time deps (not shipped in built apps). Verified: both
angular samples `ng build` and vitest pass. react/vue already on vite 8.0.16.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 0615d42 commit d7b689c
6 files changed
Lines changed: 632 additions & 980 deletions
File tree
- samples
- angular
- login-pkce
- token-refresh
- react-native
- login-pkce
- token-refresh
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
35 | 41 | | |
36 | 42 | | |
0 commit comments