Skip to content

Commit d210e8b

Browse files
committed
fix: resolve all open Dependabot alerts
- npm update: vite 7.3.6 (fs.deny bypass + launch-editor NTLM), js-yaml 4.3.0 (merge-key DoS), @babel/core 7.29.7 (sourceMappingURL file read), esbuild 0.28.1 (dev-server file read) - add overrides for vulnerable transitive pins: js-cookie ^3.0.7 under react-cookie-consent (prototype hijack; it only uses get/set/remove, API unchanged in v3) and uuid ^11.1.1 under react-d3-tree (buffer bounds check; it only imports v4, still exported in v11) npm audit: 0 vulnerabilities; vite build and vitest (23/23) pass.
1 parent f9b9d65 commit d210e8b

2 files changed

Lines changed: 256 additions & 222 deletions

File tree

0 commit comments

Comments
 (0)