Commit 9436ddc

fix: update transitive dependencies to resolve known vulnerabilities

Non-breaking semver-compatible updates via npm audit fix:

- tar 7.4.3 to 7.5.10 (High: path traversal, symlink poisoning, hardlink attacks)
- lodash 4.17.21 to 4.17.23 (Moderate: prototype pollution in _.unset/_.omit)
- js-yaml 3.14.1 to 3.14.2, 4.1.0 to 4.1.1 (Moderate: prototype pollution in merge)
- glob 10.4.5 to 10.5.0 (High: command injection via --cmd)
- brace-expansion 1.1.11 to 1.1.12, 2.0.1 to 2.0.2 (Low: ReDoS)
- minimatch 3.1.2 to 3.1.5, 9.0.5 to 9.0.9, 5.1.6 to 9.0.9 (High: ReDoS)
- mocha 11.4.0 to 11.7.5 (within ^11.4.0)
- jshint 2.13.4 to 2.13.6 (within ^2.10.0)

All updates stay within declared semver ranges. Only package-lock.json changed. Resolves 5 of 11 reported npm audit vulnerabilities.

1 parent b556fd8 commit 9436ddc

1 file changed

Lines changed: 144 additions & 202 deletions
