fix(deps): npm audit fix — bump transitive vulns in lockfile#20
lsegura-cuenca wants to merge 1 commit into
Lockfile-only update (no package.json changes). Closes ~17 Dependabot alerts across transitive deps:

- undici → 7.24.8 (4 GHSAs: GHSA-vrm6-8vpv-qv8q, GHSA-v9p9-hfj2-hcw8, GHSA-4992-7rv2-5pvq, GHSA-2mjp-6q6p-2qxm, GHSA-g9mf-h72j-4rw9)
- qs → 6.15.1 (GHSA-6rw7-vpxm-498p, GHSA-w7fw-mjwx-w883)
- picomatch → 4.0.4 (GHSA-c2c7-rcm5-vvqj, GHSA-3v7f-55p6-f55p)
- path-to-regexp → 8.4.2 (GHSA-j3q9-mxjg-w52f, GHSA-27v5-c462-wpq7)
- defu → 6.1.5 (GHSA-737v-mqg7-c878)
- body-parser → 2.2.2 (GHSA-wqch-xfxh-vrr4)
- esbuild → 0.25.2 / 0.27.3 (GHSA-67mh-4wv8-2f99)
- rollup → 4.60.3 (GHSA-mw96-cpmx-2vgc)
- wrangler → 4.90.0 (GHSA-36p8-mvp6-cv38)
- vite → 6.4.2 (also bumped, overlaps with the explicit vite PR)
- postcss → 8.5.14 (GHSA-qx2v-qp2m-jg93)

Generated by: npm audit fix (no --force, only semver-safe changes).
Verified: npm run build succeeds.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Important: Review skipped. Review was skipped due to path filters. ⛔ Files ignored due to path filters (1)
Summary
Applies npm audit fix (without --force), which only performs bumps that respect the semver ranges in package.json. Zero changes to package.json, lockfile only. Build verified green.

Closes ~17 Dependabot alerts in transitive dependencies:

Test plan
- npm install and npm audit fix run without errors.
- npm run build green (client + SSR build).

Note on merge order
This PR can be merged before or after the vite PR. If this one is merged first, the vite PR will be almost a no-op (it only raises the floor in package.json).

🤖 Generated with Claude Code
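
One way to confirm that a lockfile-only bump like this one reached every nested copy of a package, as an added example that is not part of the PR or the project's code. It assumes the versions named in the description are minimum versions (copies pinned to an older major line would need their own floor); `FLOORS`, `findStale` and the sample lockfile are constructed for illustration.

```javascript
// Floors taken from the versions named in the PR description (assumed to be minimums).
// esbuild is left out because the PR lists two versions for it.
const FLOORS = {
  undici: "7.24.8", qs: "6.15.1", picomatch: "4.0.4", "path-to-regexp": "8.4.2",
  defu: "6.1.5", "body-parser": "2.2.2", rollup: "4.60.3", wrangler: "4.90.0",
  vite: "6.4.2", postcss: "8.5.14",
};

// Compare two x.y.z versions numerically (any prerelease suffix is ignored).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every installed copy, nested ones included, that is below its floor.
function findStale(lock, floors = FLOORS) {
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // root project or link entry
    const name = path.slice(idx + "node_modules/".length); // keeps @scope/name intact
    const floor = floors[name];
    if (floor && cmp(meta.version, floor) < 0) {
      stale.push({ path, name, version: meta.version, floor });
    }
  }
  return stale;
}

// Constructed sample lockfile: top-level copies are patched, one nested qs is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/undici": { version: "7.24.8" },
    "node_modules/qs": { version: "6.15.1" },
    "node_modules/@scope/pkg/node_modules/qs": { version: "6.13.0" },
    "node_modules/postcss": { version: "8.5.14" },
  },
};

console.log(findStale(sampleLock));
```

Against a real checkout, pass the parsed contents of package-lock.json to `findStale`; a non-empty result means an old copy is still installed somewhere in the tree even though `npm audit fix` bumped the hoisted one.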