Commit ae945b1
committed
fix(deps): resolve Dependabot alerts for transitive deps
Clears all 14 open Dependabot alerts. All four flagged packages are
transitive deps pulled in via @modelcontextprotocol/sdk, fixed with
patch/minor bumps:
- fast-uri 3.1.0 -> 3.1.2 (high; via ajv)
- hono 4.12.12 -> 4.12.25 (medium/low; via @hono/node-server)
- qs 6.15.0 -> 6.15.2 (medium; via express/body-parser)
- ip-address 10.1.0 -> 10.1.1 (medium; via express-rate-limit)
fast-uri, hono and qs update cleanly via `npm update`. express-rate-limit
pins ip-address to exactly 10.1.0, so an `overrides` entry forces the
patched 10.1.1 (a patch release, API-compatible).
`npm audit` now reports 0 vulnerabilities; build passes.1 parent 6f2c3d9 commit ae945b1
2 files changed
Lines changed: 15 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
25 | 28 | | |
26 | 29 | | |
27 | 30 | | |
| |||
0 commit comments