Skip to content

fix: patch 16 Dependabot security vulnerabilities#56

Merged
aleksUIX merged 1 commit into
mainfrom
fix/dependabot-security-vulns
Jun 20, 2026
Merged

fix: patch 16 Dependabot security vulnerabilities#56
aleksUIX merged 1 commit into
mainfrom
fix/dependabot-security-vulns

Conversation

@aleksUIX

Copy link
Copy Markdown
Owner

Summary

  • vscode: bump undici to 7.28.0, form-data to 4.0.6, js-yaml to 4.2.0, tmp to 0.2.7 via overrides in package.json; lock regenerated with 0 vulnerabilities
  • examples (react-demo, client-react-scratch, client-browser): vite ^6.4.1^6.4.3, resolves 2 high + 4 medium alerts across 3 manifests
  • chrome: esbuild ^0.28.0^0.28.1, resolves 1 low alert

All 16 open Dependabot alerts addressed. Lock files regenerated with npm install --package-lock-only.

Severity breakdown

Severity Count
High 7
Medium 6
Low 3

vscode: undici 7.28.0, form-data 4.0.6, js-yaml 4.2.0, tmp 0.2.7 via overrides
examples: vite 6.4.3 (3 manifests)
chrome: esbuild 0.28.1
@aleksUIX
aleksUIX merged commit 9706b23 into main Jun 20, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant