fix(deps): resolve 15 Dependabot security vulnerabilities

- undici: updated to fix WebSocket memory exhaustion, CRLF injection, HTTP smuggling, and 64-bit length overflow (10 alerts)
- devalue: updated to fix prototype pollution in parse/unflatten (2 alerts)
- serialize-javascript: override to >=7.0.3 fixes RCE via RegExp.flags (1 alert)
- glib 0.18.5: unsound Iterator impls — upstream tauri dependency, cannot update without tauri releasing gtk-rs 0.22 support (1 alert, low risk)

Resolves all npm vulnerabilities (0 remaining). 1 Rust advisory remains (glib, pinned by tauri gtk-rs dependency chain).
parent ec2fee256e
commit 6973c70c5a
2 changed files with 63 additions and 31 deletions
|
|
@ -34,6 +34,9 @@
|
|||
"vite": "^7.3.1",
|
||||
"vitest": "^4.0.18"
|
||||
},
|
||||
"overrides": {
|
||||
"serialize-javascript": ">=7.0.3"
|
||||
},
|
||||
"dependencies": {
|
||||
"@anthropic-ai/claude-agent-sdk": "^0.2.70",
|
||||
"@codemirror/lang-cpp": "^6.0.3",
|
||||
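Review bot: the added `overrides` entry `"serialize-javascript": ">=7.0.3"` has no upper bound, so any later lockfile regeneration can resolve it to a future major release for every transitive consumer at once. Consider `^7.0.3` or an exact version so the forced version stays within the major that was tested against this change. Since JSON cannot carry a comment here, it would also help to record in the commit message or project docs which dependent pulls in serialize-javascript, so the override can be dropped once that package updates its own range.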