Skip to content

Commit d82b7f7

Browse files
committed
security: patch vulnerable transitive deps without bumping framework
Clears 36 of 59 Dependabot alerts via surgical, in-major changes only: - catalog: vite 7.3.1->7.3.5, defu ^6.1.4->^6.1.7 - pnpm overrides forcing patched same-major versions for yaml, ws, tar, shell-quote, node-forge, lodash, nitropack, unhead, fast-uri, simple-git, flatted, postcss, @babel/plugin-transform-modules-systemjs, picomatch (2/4), brace-expansion (1/2/5), devalue@5, h3@1, webpack@5 No changes to vuetify/nuxt/vue/eslint/devtools declarations. 57/57 tests pass, build clean. Remaining 23 alerts are dev/build-only and need either a Nuxt framework bump (h3 2.x-rc, nuxt, nitro, srvx) or risky major jumps (serialize-javascript 6->7, esbuild via vite 8, devalue 2.x).
1 parent 39b7ab2 commit d82b7f7

2 files changed

Lines changed: 3600 additions & 1422 deletions

File tree

0 commit comments

Comments
 (0)