Skip to content

Security: Update transitive dependency resolutions#45

Merged
Xeonus merged 1 commit intomainfrom
automated/security-resolutions
Mar 25, 2026
Merged

Security: Update transitive dependency resolutions#45
Xeonus merged 1 commit intomainfrom
automated/security-resolutions

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented Mar 25, 2026

Summary

Automated update of resolutions in package.json to fix vulnerable transitive dependencies.
Sources: Dependabot alerts (medium/high/critical) + yarn audit.

Changes

Dependency Before After Severity Source
file-type (none) ^21.3.1 moderate yarn-audit
h3 ^1.15.6 ^1.15.9 moderate yarn-audit
jsonpath ^1.2.1 ^1.3.0 high yarn-audit

Note: This only updates transitive dependencies via resolutions. Direct dependency upgrades should be done manually to avoid breaking changes.

Verify

  • yarn install succeeds
  • yarn build succeeds
  • App runs correctly

@github-actions github-actions Bot force-pushed the automated/security-resolutions branch from a43d808 to 31a4049 Compare March 25, 2026 10:02
@Xeonus Xeonus mentioned this pull request Mar 25, 2026
Merged
Xeonus
Xeonus approved these changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@Xeonus Xeonus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

matches security alerts

@Xeonus Xeonus merged commit eea7a04 into main Mar 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Xeonus Xeonus Xeonus approved these changes

Assignees

No one assigned

Labels

dependencies security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Xeonus