Commit e21308f
fix(deps): patch 13 Dependabot npm vulnerability alerts (#170)
Update package.json overrides so docs/package-lock.json no longer
resolves vulnerable versions:
- dompurify 3.4.0 -> 3.4.11 (alerts 88-94, 101)
- http-proxy-middleware -> 3.0.6 (alert 100, dev-server only)
- launch-editor -> 2.14.1 (alert 95)
- webpack-dev-server 5.2.4 -> 5.2.5 (alert 99)
- webpack-dev-server ws 8.20.1 -> 8.21.0 (alert 97)
- ws@^7 -> 7.5.11 for webpack-bundle-analyzer (alert 96)
- js-yaml@^4 -> 4.2.0 (scoped, alert 98 partial)
js-yaml uses a scoped override because gray-matter@4.0.3 pins
js-yaml@^3 (no 3.x patch exists) and calls safeLoad/safeDump,
removed in v4 — a blanket bump breaks the docs build.
Verified: `npm run build` passes clean with submodules initialized.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 8d101f7 commit e21308f
2 files changed
Lines changed: 73 additions & 69 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | | - | |
| 45 | + | |
46 | 46 | | |
47 | 47 | | |
| 48 | + | |
48 | 49 | | |
| 50 | + | |
| 51 | + | |
49 | 52 | | |
50 | 53 | | |
51 | 54 | | |
52 | 55 | | |
53 | 56 | | |
54 | 57 | | |
| 58 | + | |
55 | 59 | | |
56 | 60 | | |
57 | 61 | | |
58 | | - | |
59 | | - | |
| 62 | + | |
| 63 | + | |
60 | 64 | | |
61 | 65 | | |
62 | 66 | | |
| |||
0 commit comments