Commit a5cd327
committed
fix(deps): bump undici, js-yaml and @babel/core to patched versions
Resolves the outstanding Dependabot alerts in device_page by pinning the
affected transitive dependencies to their first patched versions via pnpm
overrides — without the major tooling upgrades:
- undici 7.25.0 -> 7.28.0 (1 high, 1 medium advisory)
- js-yaml 4.1.0 -> 4.2.0 (medium)
- @babel/core 7.27.4 -> 7.29.6 (low)
All bumps stay within the current major versions, so there are no API or
toolchain changes — just the security patches.1 parent 60166b4 commit a5cd327
2 files changed
Lines changed: 175 additions & 70 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
48 | 55 | | |
49 | 56 | | |
0 commit comments