fix(deps): bump vulnerable transitive deps in uv.lock and dashboard lockfile#131
fix(deps): bump vulnerable transitive deps in uv.lock and dashboard lockfile#131smoochy wants to merge 1 commit into
Conversation
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (2)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
aiohttp 3.13.5 -> 3.14.1 (11 advisories incl. GHSA-63hw-fmq6-xxg2) starlette 1.1.0 -> 1.3.1 (GHSA-82w8-qh3p-5jfq, GHSA-jp82-jpqv-5vv3) pydantic-settings 2.14.1 -> 2.14.2 (GHSA-4xgf-cpjx-pc3j) hono 4.12.21 -> 4.12.29 (5 advisories incl. GHSA-88fw-hqm2-52qc) qs 6.15.1 -> 6.15.3 (GHSA-q8mj-m7cp-5q26) @babel/core 7.29.0 -> 7.29.7 (GHSA-4x5r-pxfx-6jf8) Lockfile-only; all bumps are within existing semver ranges.
19d37db to
a4ddaff
Compare
Lockfile-only security bumps, all within existing semver ranges:
Verified:
uv lock --checkpasses;npm ciinplugin/dashboardpasses;package.jsonuntouched;lockfileVersionunchanged.Note: npm resolved hono/qs/@babel/core to the latest patch within their existing semver ranges (4.12.29 / 6.15.3 / 7.29.7), which meet or exceed the advisory-fixed versions.
🤖 Generated with Claude Code