From 86e2f1b103556854139eac176e8382b28741904a Mon Sep 17 00:00:00 2001
From: marklaursen
Date: Mon, 13 Apr 2026 14:13:58 +0100
Subject: [PATCH 1/2] fix: resolve vite security vulnerabilities (path traversal, fs.deny bypass, WebSocket file read)
- Bump vite 7.3.1 -> 7.3.2 (root, via vitest)
- Bump vite 6.4.1 -> 6.4.2 (dashboard)
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 dashboard/package-lock.json | 6 +++---
 package-lock.json | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dashboard/package-lock.json b/dashboard/package-lock.json
index d7a5a89..7fbe307 100644
--- a/dashboard/package-lock.json
+++ b/dashboard/package-lock.json
@@ -3996,9 +3996,9 @@
 }
 },
 "node_modules/vite": {
- "version": "6.4.1",
- "resolved": "https://registry.npmjs.org/vite/-/vite-6.4.1.tgz",
- "integrity": "sha512-+Oxm7q9hDoLMyJOYfUYBuHQo+dkAloi33apOPP56pzj+vsdJDzr+j1NISE5pyaAuKL4A3UD34qd0lx5+kfKp2g==",
+ "version": "6.4.2",
+ "resolved": "https://registry.npmjs.org/vite/-/vite-6.4.2.tgz",
+ "integrity": "sha512-2N/55r4JDJ4gdrCvGgINMy+HH3iRpNIz8K6SFwVsA+JbQScLiC+clmAxBgwiSPgcG9U15QmvqCGWzMbqda5zGQ==",
 "dev": true,
 "license": "MIT",
 "peer": true,
diff --git a/package-lock.json b/package-lock.json
index d4edd0e..84e59da 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3254,9 +3254,9 @@
 "license": "MIT"
 },
 "node_modules/vite": {
- "version": "7.3.1",
- "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz",
- "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
+ "version": "7.3.2",
+ "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.2.tgz",
+ "integrity": "sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg==",
 "dev": true,
 "license": "MIT",
 "peer": true,
From 4baf2c9c9c806b11c89c7b94a2e189d46aa15c85 Mon Sep 17 00:00:00 2001
From: marklaursen
Date: Mon, 13 Apr 2026 14:37:23 +0100
Subject: [PATCH 2/2] chore: remove dependabot
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .github/dependabot.yml | 49 ------------------------------------------
 1 file changed, 49 deletions(-)
 delete mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index ccf788e..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: "npm"
- directory: "/"
- schedule:
- interval: "weekly"
- open-pull-requests-limit: 10
- groups:
- eslint:
- patterns:
- - "eslint*"
- - "@eslint/*"
- - "typescript-eslint"
- typescript:
- patterns:
- - "typescript"
- - "@types/*"
- test:
- patterns:
- - "vitest"
-
- - package-ecosystem: "npm"
- directory: "/dashboard"
- schedule:
- interval: "weekly"
- open-pull-requests-limit: 10
- groups:
- radix-ui:
- patterns:
- - "@radix-ui/*"
- codemirror:
- patterns:
- - "@codemirror/*"
- vite:
- patterns:
- - "vite"
- - "@vitejs/*"
-
- - package-ecosystem: "pip"
- directory: "/python-sdk"
- schedule:
- interval: "weekly"
- open-pull-requests-limit: 10
-
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "weekly"
- open-pull-requests-limit: 10
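Review bot: Deleting `.github/dependabot.yml` removes the weekly update configuration for all four ecosystems it listed (npm at `/` and `/dashboard`, pip at `/python-sdk`, and github-actions), and the commit message gives no reason or replacement. The preceding patch in this series is a hand-made vite security bump, so after this change nothing visible in the repository would prompt the next such update, and the pip and Actions dependencies lose their only configured freshness check. If another updater or repository-level Dependabot security updates are meant to cover this, the commit body should say so, e.g. `Dependency updates are now handled by <tool or process>; see <link>`. Otherwise consider keeping the file and narrowing it (fewer groups, a lower `open-pull-requests-limit`) instead of removing it.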