Commit d210e8b
committed
fix: resolve all open Dependabot alerts
- npm update: vite 7.3.6 (fs.deny bypass + launch-editor NTLM), js-yaml 4.3.0
(merge-key DoS), @babel/core 7.29.7 (sourceMappingURL file read), esbuild
0.28.1 (dev-server file read)
- add overrides for vulnerable transitive pins: js-cookie ^3.0.7 under
react-cookie-consent (prototype hijack; it only uses get/set/remove, API
unchanged in v3) and uuid ^11.1.1 under react-d3-tree (buffer bounds check;
it only imports v4, still exported in v11)
npm audit: 0 vulnerabilities; vite build and vitest (23/23) pass.1 parent f9b9d65 commit d210e8b
2 files changed
Lines changed: 256 additions & 222 deletions
0 commit comments