From 9224399062acb8befbb4243919c72f577b89f067 Mon Sep 17 00:00:00 2001 From: Saagar Patel Date: Tue, 21 Apr 2026 13:31:43 +0200 Subject: [PATCH] chore(deps): bump basic-ftp to 5.3.0 and vite to 7.3.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Supersedes #42 (npm-security group) and #44 (vite direct bump) — both blocked by branch-name governance. Re-created on a codex- compliant branch per docs/SECURITY.md. - basic-ftp: pnpm.overrides pin ^5.2.0 -> ^5.3.0 (security group) - vite: devDependency ^7.0.4 -> ^7.3.2 (minor, plugin-react 5 safe) #43 (picomatch 2.3.1 -> 2.3.2) intentionally skipped: picomatch@2.3.1 is a transitive dep pinned by a parent, and a minor-patch bump isn't worth an override hack. Picomatch@4.0.3 coexists at the latest major already. Validated locally: - pnpm install resolves cleanly to basic-ftp 5.3.0 and vite 7.3.2 - pnpm build: 636ms - pnpm test: 127/127 - pnpm typecheck: clean Co-Authored-By: Claude Opus 4.7 (1M context) --- package.json | 4 ++-- pnpm-lock.yaml | 38 +++++++++++++++++++------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/package.json b/package.json index fb36b67..cbf0acf 100644 --- a/package.json +++ b/package.json @@ -112,7 +112,7 @@ "commitizen": "^4.3.1", "husky": "^9.1.7", "typescript": "~5.8.3", - "vite": "^7.0.4", + "vite": "^7.3.2", "vitest": "^3.2.4", "@vitest/coverage-v8": "^3.2.4", "@axe-core/playwright": "^4.11.0", @@ -138,7 +138,7 @@ "pnpm": { "overrides": { "@lhci/cli>tmp": "^0.2.4", - "basic-ftp": "^5.2.0", + "basic-ftp": "^5.3.0", "commitizen>lodash": "^4.17.23", "eslint>ajv": "^6.14.0", "external-editor>tmp": "^0.2.4", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f240232..63253f8 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -6,7 +6,7 @@ settings: overrides: "@lhci/cli>tmp": ^0.2.4 - basic-ftp: ^5.2.0 + basic-ftp: ^5.3.0 commitizen>lodash: ^4.17.23 eslint>ajv: ^6.14.0 external-editor>tmp: ^0.2.4 @@ -82,7 +82,7 @@ importers: version: 8.56.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.8.3) "@vitejs/plugin-react": specifier: ^5.2.0 - version: 5.2.0(vite@7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2)) + version: 5.2.0(vite@7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2)) "@vitest/coverage-v8": specifier: ^3.2.4 version: 3.2.4(vitest@3.2.4(@types/node@25.2.3)(jiti@2.6.1)(jsdom@27.4.0)(yaml@2.8.2)) @@ -129,8 +129,8 @@ importers: specifier: ^8.46.1 version: 8.56.0(eslint@9.39.2(jiti@2.6.1))(typescript@5.8.3) vite: - specifier: ^7.0.4 - version: 7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) + specifier: ^7.3.2 + version: 7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) vitest: specifier: ^3.2.4 version: 3.2.4(@types/node@25.2.3)(jiti@2.6.1)(jsdom@27.4.0)(yaml@2.8.2) @@ -2491,10 +2491,10 @@ packages: } hasBin: true - basic-ftp@5.2.0: + basic-ftp@5.3.0: resolution: { - integrity: sha512-VoMINM2rqJwJgfdHq6RiUudKt2BV+FY5ZFezP/ypmwayk68+NzzAQy4XXLlqsGD4MCzq3DrmNFD/uUmBJuGoXw==, + integrity: sha512-5K9eNNn7ywHPsYnFwjKgYH8Hf8B5emh7JKcPaVjjrMJFQQwGpwowEnZNEtHs7DfR7hCZsmaK3VA4HUK0YarT+w==, } engines: { node: ">=10.0.0" } @@ -6537,10 +6537,10 @@ packages: engines: { node: ^18.0.0 || ^20.0.0 || >=22.0.0 } hasBin: true - vite@7.3.1: + vite@7.3.2: resolution: { - integrity: sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==, + integrity: sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg==, } engines: { node: ^20.19.0 || >=22.12.0 } hasBin: true @@ -8073,7 +8073,7 @@ snapshots: "@testing-library/dom@10.4.1": dependencies: - "@babel/code-frame": 7.28.6 + "@babel/code-frame": 7.29.0 "@babel/runtime": 7.28.6 "@types/aria-query": 5.0.4 aria-query: 5.3.0 @@ -8264,7 +8264,7 @@ snapshots: "@typescript-eslint/types": 8.56.0 eslint-visitor-keys: 5.0.0 - "@vitejs/plugin-react@5.2.0(vite@7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2))": + "@vitejs/plugin-react@5.2.0(vite@7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2))": dependencies: "@babel/core": 7.29.0 "@babel/plugin-transform-react-jsx-self": 7.27.1(@babel/core@7.29.0) @@ -8272,7 +8272,7 @@ snapshots: "@rolldown/pluginutils": 1.0.0-rc.3 "@types/babel__core": 7.20.5 react-refresh: 0.18.0 - vite: 7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) + vite: 7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) transitivePeerDependencies: - supports-color @@ -8303,13 +8303,13 @@ snapshots: chai: 5.3.3 tinyrainbow: 2.0.0 - "@vitest/mocker@3.2.4(vite@7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2))": + "@vitest/mocker@3.2.4(vite@7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2))": dependencies: "@vitest/spy": 3.2.4 estree-walker: 3.0.3 magic-string: 0.30.21 optionalDependencies: - vite: 7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) + vite: 7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) "@vitest/pretty-format@3.2.4": dependencies: @@ -8491,7 +8491,7 @@ snapshots: baseline-browser-mapping@2.9.17: {} - basic-ftp@5.2.0: {} + basic-ftp@5.3.0: {} bidi-js@1.0.3: dependencies: @@ -9316,7 +9316,7 @@ snapshots: get-uri@6.0.5: dependencies: - basic-ftp: 5.2.0 + basic-ftp: 5.3.0 data-uri-to-buffer: 6.0.2 debug: 4.4.3 transitivePeerDependencies: @@ -10911,7 +10911,7 @@ snapshots: debug: 4.4.3 es-module-lexer: 1.7.0 pathe: 2.0.3 - vite: 7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) + vite: 7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) transitivePeerDependencies: - "@types/node" - jiti @@ -10926,7 +10926,7 @@ snapshots: - tsx - yaml - vite@7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2): + vite@7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2): dependencies: esbuild: 0.27.2 fdir: 6.5.0(picomatch@4.0.3) @@ -10944,7 +10944,7 @@ snapshots: dependencies: "@types/chai": 5.2.3 "@vitest/expect": 3.2.4 - "@vitest/mocker": 3.2.4(vite@7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2)) + "@vitest/mocker": 3.2.4(vite@7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2)) "@vitest/pretty-format": 3.2.4 "@vitest/runner": 3.2.4 "@vitest/snapshot": 3.2.4 @@ -10962,7 +10962,7 @@ snapshots: tinyglobby: 0.2.15 tinypool: 1.1.1 tinyrainbow: 2.0.0 - vite: 7.3.1(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) + vite: 7.3.2(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) vite-node: 3.2.4(@types/node@25.2.3)(jiti@2.6.1)(yaml@2.8.2) why-is-node-running: 2.3.0 optionalDependencies: