fix: patch high-severity vulnerabilities in picomatch and vite #128
@@ -229,7 +229,7 @@ Headlamp v0.39.0 with default `watchPlugins: true` treats catalog-managed plugin
|
|||||||
**Action Items:**
|
**Action Items:**
|
||||||
- [ ] Parallelize test execution
|
- [ ] Parallelize test execution
|
||||||
- [ ] Add npm cache to GitHub Actions
|
- [ ] Add npm cache to GitHub Actions
|
||||||
- [ ] Integrate Dependabot
|
- [x] Renovate is configured org-wide via `github>privilegedescalation/.github:renovate-config`
|
||||||
- [ ] Add semantic-release
|
- [ ] Add semantic-release
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|||||||
+1
-1
@@ -212,7 +212,7 @@ If you discover a security vulnerability in this plugin, please report it via:
|
|||||||
|
|
||||||
The project uses:
|
The project uses:
|
||||||
- **npm audit**: Runs automatically during `npm install`
|
- **npm audit**: Runs automatically during `npm install`
|
||||||
- **Dependabot**: GitHub Dependabot monitors dependencies and creates PRs for updates
|
- **Renovate**: Automated dependency updates via Mend Renovate (org-wide configured)
|
||||||
- **GitHub Actions**: CI workflow runs `npm audit` on every commit
|
- **GitHub Actions**: CI workflow runs `npm audit` on every commit
|
||||||
|
|
||||||
### Updating Dependencies
|
### Updating Dependencies
|
||||||
|
|||||||
+3
-1
@@ -36,7 +36,9 @@
|
|||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3",
|
"undici": "^7.24.3",
|
||||||
"flatted": "^3.4.2",
|
"flatted": "^3.4.2",
|
||||||
"lodash": ">=4.18.0"
|
"lodash": ">=4.18.0",
|
||||||
|
"picomatch": ">=4.0.4",
|
||||||
|
"vite": ">=6.4.2"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
|||||||
Generated
+503
-127
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user