Skip to content

chore(deps): bump undici, http-proxy-middleware, webpack-dev-server, js-yaml#958

Merged
B4nan merged 1 commit into
masterfrom
chore/security-deps-bump-2
Jul 2, 2026
Merged

chore(deps): bump undici, http-proxy-middleware, webpack-dev-server, js-yaml#958
B4nan merged 1 commit into
masterfrom
chore/security-deps-bump-2

Conversation

@B4nan

@B4nan B4nan commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary

Lockfile-only bumps of vulnerable transitive deps to patched versions, all within existing semver ranges:

  • undici 7.27.2 → 7.28.0 (high + medium + low)
  • http-proxy-middleware 2.0.9 → 2.0.10 (medium)
  • webpack-dev-server 5.2.4 → 5.2.5 (medium)
  • js-yaml 3.14.2 → 3.15.0 (medium) — the gray-matter v3 line, now patchable in-range (previously a holdout)

All dev/docs tooling except undici, which is in the runtime tree via proxy-agent.

🤖 Generated with Claude Code

@B4nan B4nan added the adhoc Ad-hoc unplanned task added during the sprint. label Jul 2, 2026
@B4nan B4nan requested a review from barjin July 2, 2026 07:33
@B4nan B4nan merged commit 7b3a4fb into master Jul 2, 2026
7 checks passed
@B4nan B4nan deleted the chore/security-deps-bump-2 branch July 2, 2026 08:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

adhoc Ad-hoc unplanned task added during the sprint.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants