Skip to content

Commit d7b689c

Browse files
ksroda-saclaude
andauthored
deps: patch Dependabot security alerts in angular & react-native samples (#259)
react-native (login-pkce, token-refresh): re-resolve transitive deps to the patched versions in range — ws 7.5.10 -> 7.5.11 (GHSA-96hv-2xvq-fx4p, high), js-yaml 4.1.1 -> 4.2.0 (GHSA-h67p-54hq-rp68, medium). angular (login-pkce, token-refresh): @angular/build@22.0.1 exact-pins the vulnerable vite/esbuild/@babel/core and is the latest release, so add `resolutions` to force the patched versions: - vite 7.3.2 -> 7.3.5 and 8.0.10 -> 8.0.16 (GHSA-fx2h-pf6j-xcff high, GHSA-v6wh-96g9-6wx3 medium) - esbuild 0.27.7/0.28.0 -> 0.28.1 (GHSA-gv7w-rqvm-qjhr high, GHSA-g7r4-m6w7-qqqr low) - @babel/core 7.29.0 -> 7.29.6 (GHSA-4x5r-pxfx-6jf8 low) All are dev/build-time deps (not shipped in built apps). Verified: both angular samples `ng build` and vitest pass. react/vue already on vite 8.0.16. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 0615d42 commit d7b689c

6 files changed

Lines changed: 632 additions & 980 deletions

File tree

samples/angular/login-pkce/package.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,5 +32,11 @@
3232
"prettier": "3.8.4",
3333
"typescript": "6.0.3",
3434
"vitest": "4.1.8"
35+
},
36+
"resolutions": {
37+
"@angular/build/vite": "7.3.5",
38+
"vitest/vite": "8.0.16",
39+
"esbuild": "0.28.1",
40+
"@babel/core": "7.29.6"
3541
}
3642
}

0 commit comments

Comments
 (0)