Commit 8986f33
Dependency security updates (#1225)
## Fix Dependabot Security Vulnerabilities
This PR addresses multiple Dependabot security alerts by updating
vulnerable dependencies to their patched versions.
**Key Changes:**
* Updated various direct and transitive dependencies including `cookie`,
`esbuild`, `brace-expansion`, `tmp`, `js-yaml`, `body-parser`, and
`mdast-util-to-hast`.
* Updated `@sentry/*` packages across the workspace via catalog updates
and direct dependency bumps in `packages/spotlight/package.json`.
* Introduced `pnpm.overrides` in the root `package.json` to ensure
`vite` versions `6.0.0-6.3.5` are upgraded to `6.3.6+` to mitigate
reported CVEs, specifically targeting transitive `vite` dependencies
brought in by `astro`.
**Verification:**
* Build and lint tasks pass successfully.
* Existing test failures in `docker-compose.test.ts` are noted as
pre-existing and unrelated to these dependency updates.
---------
Co-authored-by: Cursor Agent <[email protected]>

1 parent ebcfd92 commit 8986f33
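One way to confirm that the `vite` override described in the commit message took effect, as an added example that is not part of this commit or the project's code: scan the lockfile for any `vite` still resolved in 6.0.0 through 6.3.5. The lockfile excerpt is constructed, the key layout is an assumption about `pnpm-lock.yaml`, and the function names are hypothetical.

```javascript
// Added example (not from the commit): flag vite versions in the range the
// commit message names, 6.0.0 through 6.3.5, that a lockfile still resolves.
const VULN_MIN = [6, 0, 0];
const VULN_MAX = [6, 3, 5];

// "6.3.5" or "6.3.5-beta.1" -> [6, 3, 5]; a pre-release is compared as its
// base version, which errs toward flagging it.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$/.exec(v);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inVulnerableRange(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, VULN_MIN) >= 0 && compare(v, VULN_MAX) <= 0;
}

// Assumed key layout: "vite@6.2.0:" or "vite@6.2.0(peer@1.0.0):", optionally
// quoted or with a leading slash. "vite-node@" and "@vitejs/..." do not match.
function findVulnerableVite(lockText) {
  const key = /^[ \t]*['"]?\/?vite@(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/gm;
  const hits = new Set();
  for (const m of lockText.matchAll(key)) {
    if (inVulnerableRange(m[1])) hits.add(m[1]);
  }
  return [...hits].sort();
}

// Constructed lockfile excerpt, as it might look before the override applies.
const SAMPLE_LOCK = `
packages:
  vite@5.4.19:
  vite@6.2.0:
  vite@6.3.6:
  vite-node@3.0.5:
  '@vitejs/plugin-react@4.3.4':
snapshots:
  'vite@6.2.0(@types/node@22.10.0)':
  vite@6.3.5(@types/node@22.10.0):
`;

console.log(findVulnerableVite(SAMPLE_LOCK));
```

An empty result on the real lockfile after `pnpm install` indicates the override reached every transitive `vite`; any listed version is a resolution the override missed.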
File tree
4 files changed, +306 -1574 lines changed
- packages/spotlight
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
34 | 46 | | |
35 | 47 | | |
36 | 48 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
77 | 77 | | |
78 | 78 | | |
79 | 79 | | |
80 | | - | |
81 | | - | |
82 | | - | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
| |||