Skip to content

Commit 303f54e

Browse files
chore(deps): resolve Dependabot security alerts (#450)
* chore(deps): resolve Dependabot security alerts Apply pnpm overrides to bump vulnerable transitive dependencies: - qs 6.15.0 -> 6.15.2 - ip-address 10.1.0 -> 10.1.1 - js-yaml 3.14.2 -> 3.15.0 / 4.1.1 -> 4.2.0 - @babel/core 7.28.6 -> 7.29.7 - @eslint/plugin-kit 0.2.8 -> 0.3.4 - brace-expansion 5.0.5 -> 5.0.6 elliptic remains unfixed because patched version >=6.6.2 is not yet published on npm. Co-Authored-By: Claude <noreply@anthropic.com> * docs(deps): add advisory comments and fix minimumReleaseAgeExclude syntax - Document each pnpm override with its GHSA ID and removal condition. - Split js-yaml@3.15.0 || 4.2.0 into two exact minimumReleaseAgeExclude entries. - Quote all minimumReleaseAgeExclude entries consistently. Co-Authored-By: Claude <noreply@anthropic.com> * chore(changeset): add changeset for dependency security fixes Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
1 parent 43ce3a3 commit 303f54e

3 files changed

Lines changed: 287 additions & 180 deletions

File tree

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
---
2+
"@offckb/cli": patch
3+
---
4+
5+
Resolve Dependabot security alerts via pnpm overrides for transitive dependencies:
6+
7+
- `qs` 6.15.0 → 6.15.2
8+
- `ip-address` 10.1.0 → 10.1.1
9+
- `js-yaml` 3.14.2 → 3.15.0 / 4.1.1 → 4.2.0
10+
- `@babel/core` 7.28.6 → 7.29.7
11+
- `@eslint/plugin-kit` 0.2.8 → 0.3.4
12+
- `brace-expansion` 5.0.5 → 5.0.6
13+
14+
`elliptic` remains unfixed because a patched version (>=6.6.2) is not yet published on npm.

0 commit comments

Comments
 (0)