mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-11 14:56:57 +08:00
fix(deps): resolve 3 critical Dependabot advisories
- go: bump github.com/jackc/pgx/v5 v5.6.0 -> v5.9.0 (CVE-2026-33815 / CVE-2026-33816, memory-safety in the Postgres driver). govulncheck reports 0 affecting vulnerabilities after the bump. - ci: pin aquasecurity/trivy-action to commit SHA ed142fd (v0.36.0) instead of the mutable @0.28.0 tag (GHSA-69fq-xp46-6x23, brief upstream supply-chain compromise). Dependabot now updates the SHA. - web: bump vitest ^4.0.16 -> ^4.1.0 (lockfile now 4.1.8) for GHSA-5xrq-8626-4rwp (Vitest UI server arbitrary file read/exec; dev-only).
This commit is contained in:
@@ -59,7 +59,7 @@
|
||||
"tailwindcss": "^3.4.17",
|
||||
"typescript": "^5.8.3",
|
||||
"vite": "^6.0.7",
|
||||
"vitest": "^4.0.16"
|
||||
"vitest": "^4.1.0"
|
||||
},
|
||||
"lint-staged": {
|
||||
"*.{ts,tsx}": [
|
||||
|
||||
Reference in New Issue
Block a user