
Commit e21308f

BeArchiTek and claude authored
fix(deps): patch 13 Dependabot npm vulnerability alerts (#170)

Update package.json overrides so docs/package-lock.json no longer resolves vulnerable versions:

- dompurify 3.4.0 -> 3.4.11 (alerts 88-94, 101)
- http-proxy-middleware -> 3.0.6 (alert 100, dev-server only)
- launch-editor -> 2.14.1 (alert 95)
- webpack-dev-server 5.2.4 -> 5.2.5 (alert 99)
- webpack-dev-server ws 8.20.1 -> 8.21.0 (alert 97)
- ws@^7 -> 7.5.11 for webpack-bundle-analyzer (alert 96)
- js-yaml@^4 -> 4.2.0 (scoped, alert 98 partial)

js-yaml uses a scoped override because gray-matter@4.0.3 pins js-yaml@^3 (no 3.x patch exists) and calls safeLoad/safeDump, removed in v4 — a blanket bump breaks the docs build.

Verified: `npm run build` passes clean with submodules initialized.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent 8d101f7 commit e21308f

2 files changed

Lines changed: 73 additions & 69 deletions

docs/package-lock.json

Lines changed: 66 additions & 66 deletions

docs/package.json

Lines changed: 7 additions & 3 deletions
@@ -42,21 +42,25 @@
4242
"typescript": "~5.6.2"
4343
},
4444
"overrides": {
45-
"dompurify": "3.4.0",
45+
"dompurify": "3.4.11",
4646
"fast-uri": "3.1.2",
4747
"follow-redirects": "1.16.0",
48+
"http-proxy-middleware": "3.0.6",
4849
"joi": "17.13.4",
50+
"js-yaml@^4.0.0": "4.2.0",
51+
"launch-editor": "2.14.1",
4952
"lodash-es": "4.18.0",
5053
"mermaid": "11.15.0",
5154
"qs": "6.15.2",
5255
"serialize-javascript": "7.0.5",
5356
"shell-quote": "1.8.4",
5457
"uuid": "11.1.1",
58+
"ws@^7.0.0": "7.5.11",
5559
"minimatch@<3.1.4": "3.1.4",
5660
"minimatch@>=9.0.0 <9.0.7": "9.0.7",
5761
"webpack-dev-server": {
58-
".": "5.2.4",
59-
"ws": "8.20.1"
62+
".": "5.2.5",
63+
"ws": "8.21.0"
6064
}
6165
},
6266
"browserslist": {
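
Review bot: The new `"http-proxy-middleware": "3.0.6"` and `"launch-editor": "2.14.1"` entries in the `overrides` block are unscoped, so they force every dependent onto that exact version whatever range it declares, which is the same blanket-bump risk the commit message describes for js-yaml. Either scope them with a range selector, as this hunk already does for `"js-yaml@^4.0.0"` and `"ws@^7.0.0"`, or confirm in docs/package-lock.json that no dependent asks for a different major version. Separately, the commit message says the js-yaml 3.x copy required by gray-matter@4.0.3 has no patch and alert 98 is only partly addressed; package.json cannot carry a comment, so that residual exposure should be recorded somewhere reviewers will see it (for example a tracking issue) so the override list is not read as a complete fix.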
