Commit 303f54e
chore(deps): resolve Dependabot security alerts (#450)
* chore(deps): resolve Dependabot security alerts
Apply pnpm overrides to bump vulnerable transitive dependencies:
- qs 6.15.0 -> 6.15.2
- ip-address 10.1.0 -> 10.1.1
- js-yaml 3.14.2 -> 3.15.0 / 4.1.1 -> 4.2.0
- @babel/core 7.28.6 -> 7.29.7
- @eslint/plugin-kit 0.2.8 -> 0.3.4
- brace-expansion 5.0.5 -> 5.0.6
elliptic remains unfixed because patched version >=6.6.2 is not yet published on npm.
Co-Authored-By: Claude <noreply@anthropic.com>
* docs(deps): add advisory comments and fix minimumReleaseAgeExclude syntax
- Document each pnpm override with its GHSA ID and removal condition.
- Split js-yaml@3.15.0 || 4.2.0 into two exact minimumReleaseAgeExclude entries.
- Quote all minimumReleaseAgeExclude entries consistently.
Co-Authored-By: Claude <noreply@anthropic.com>
* chore(changeset): add changeset for dependency security fixes
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>1 parent 43ce3a3 commit 303f54e
3 files changed
Lines changed: 287 additions & 180 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
0 commit comments