Skip to content

fix(deps): update device_page and test JS lockfiles to resolve Dependabot alerts#10877

Open
BenJule wants to merge 2 commits into
bambulab:masterfrom
BenJule:upstream/fix/js-security
Open

fix(deps): update device_page and test JS lockfiles to resolve Dependabot alerts#10877
BenJule wants to merge 2 commits into
bambulab:masterfrom
BenJule:upstream/fix/js-security

Conversation

@BenJule
Copy link
Copy Markdown

@BenJule BenJule commented May 22, 2026

Summary

Updates JavaScript dependency lockfiles to resolve outstanding Dependabot security alerts:

  • src/slic3r/GUI/DeviceWeb/device_page/package.json + pnpm-lock.yaml: bump pnpm deps to versions without known CVEs
  • src/slic3r/GUI/DeviceWeb/device_page/tsconfig.app.json: minor config update
  • tests/web-e2e/package.json + pnpm-lock.yaml: bump web-e2e test deps

No functional changes — lockfile-only updates.

BenJule added 2 commits May 22, 2026 13:57
@BenJule
fix: update device_page pnpm deps to resolve all Dependabot alerts
dbe5504 
- pnpm update --latest: vite 6→8, rollup 4.60→4.64, typescript 5→6,
  eslint 9→10; resolves tar, flatted, minimatch, picomatch, postcss,
  js-yaml, rollup, vite CVEs (20 alerts)
- tsconfig.app.json: add ignoreDeprecations:6.0 for baseUrl (TS 6.0)
@BenJule
fix: update JS lockfiles to resolve Dependabot security alerts
4745e63 
device_page: brace-expansion patched via npm audit fix
tests/web-e2e: @typescript-eslint 8.59.4 pulls in patched
  brace-expansion, minimatch, picomatch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BenJule