Skip to content

Commit a5cd327

Browse files
committed
fix(deps): bump undici, js-yaml and @babel/core to patched versions
Resolves the outstanding Dependabot alerts in device_page by pinning the affected transitive dependencies to their first patched versions via pnpm overrides — without the major tooling upgrades: - undici 7.25.0 -> 7.28.0 (1 high, 1 medium advisory) - js-yaml 4.1.0 -> 4.2.0 (medium) - @babel/core 7.27.4 -> 7.29.6 (low) All bumps stay within the current major versions, so there are no API or toolchain changes — just the security patches.
1 parent 60166b4 commit a5cd327

2 files changed

Lines changed: 175 additions & 70 deletions

File tree

src/slic3r/GUI/DeviceWeb/device_page/package.json

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,5 +45,12 @@
4545
"packageManager": "pnpm@10.12.1+sha512.f0dda8580f0ee9481c5c79a1d927b9164f2c478e90992ad268bbb2465a736984391d6333d2c327913578b2804af33474ca554ba29c04a8b13060a717675ae3ac",
4646
"optionalDependencies": {
4747
"lightningcss-win32-x64-msvc": "^1.32.0"
48+
},
49+
"pnpm": {
50+
"overrides": {
51+
"undici": "7.28.0",
52+
"js-yaml": "4.2.0",
53+
"@babel/core": "7.29.6"
54+
}
4855
}
4956
}

0 commit comments

Comments
 (0)