Skip to content

Commit 0c85722

Browse files
chore(deps): patch 4 npm security vulnerabilities (#2655)
Centralises patched versions via root overrides (and the advent-of-calm website overrides for its standalone lockfile): - tmp ^0.2.6 -> ^0.2.7 (override too loose, permitted vulnerable 0.2.6) - esbuild -> ^0.28.1 (new root + advent-of-calm/website override) - joi -> ^17.13.4 (new root override) Also removes the @vscode/vsce minimatch override. baa5716 intended that pin only for minimatch 3.x consumers, but @vscode/vsce requires minimatch ^10.2.2; forcing 3.1.x broke "vsce package" (minimatch_1.minimatch is not a function) on a clean lockfile regeneration. vsce now resolves the already-patched minimatch 10.2.5. Bumps calm-hub-ui @vitejs/plugin-react ^4.3.4 -> ^5.0.0. Required to regenerate the lockfile cleanly: #2657 bumped vite to 8 but plugin-react 4.x only peers vite <=7, so a clean install ERESOLVEs. plugin-react 5.2.0 (already hoisted at root) supports vite 8 and dedupes to one copy. Resolves: GHSA-7c78-jf6q-g5cm, GHSA-gv7w-rqvm-qjhr, GHSA-g7r4-m6w7-qqqr, GHSA-q7cg-457f-vx79
1 parent 7146105 commit 0c85722

5 files changed

Lines changed: 6076 additions & 7435 deletions

File tree

0 commit comments

Comments
 (0)