fix: Preact security vulnerability issue#1332
Pull request overview
This PR addresses a security vulnerability in Preact by updating it from version 10.26.9 to 10.28.2. The fix uses npm's overrides feature in package.json to enforce a minimum version of 10.26.10 for all transitive dependencies that depend on Preact (specifically @docsearch/js used by VitePress documentation and instantsearch.js).
Key changes:
- Added Preact version override constraint `>=10.26.10` in package.json
- Updated lock files to reflect the new Preact version 10.28.2
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Added Preact version override to enforce minimum secure version |
| package-lock.json | Updated Preact dependency from 10.26.9 to 10.28.2 |
| yarn.lock | Updated Preact dependency from 10.26.9 to 10.28.2 |
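A check a reviewer could run alongside an override like the one summarized above, as an added example (not code from this PR or the project): it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3 assumed) and reports every installed copy of Preact below the 10.26.10 floor. The function names and the sample lockfile entries are constructed for illustration.

```javascript
// Parse "10.26.9" into [10, 26, 9]. Pre-release/build suffixes are ignored
// (a simplification assumed for this example).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component; a plain string comparison would rank
// "10.26.9" above "10.26.10" and hide the vulnerable copy.
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions satisfy the floor
}

// Keys of lock.packages are install paths such as
// "node_modules/instantsearch.js/node_modules/preact". Nested copies are
// separately resolved versions, so each one is checked.
function findBelowMinimum(lock, name, minimum) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith(`/${suffix}`)) && meta.version)
    .filter(([, meta]) => isBelow(meta.version, minimum))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfiles (not taken from the PR's lock files).
const beforeLock = { lockfileVersion: 3, packages: {
  "": { name: "example-app" },
  "node_modules/preact": { version: "10.26.9" },
  "node_modules/instantsearch.js/node_modules/preact": { version: "10.28.2" },
  "node_modules/preact-render-to-string": { version: "6.5.0" }, // different package
}};
const afterLock = { lockfileVersion: 3, packages: {
  "": { name: "example-app" },
  "node_modules/preact": { version: "10.28.2" },
}};

console.log(findBelowMinimum(beforeLock, "preact", "10.26.10"));
console.log(findBelowMinimum(afterLock, "preact", "10.26.10"));
```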
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## development #1332 +/- ##
==============================================
Coverage 56.63% 56.63%
Complexity 2268 2268
==============================================
Files 207 207
Lines 8733 8733
==============================================
Hits 4946 4946
Misses 3787 3787
No description provided.