Elgato_dark/readest
1
0
Fork 0
mirror of https://github.com/readest/readest synced 2026-04-21 13:37:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix(deps): bump dependencies to resolve 13 Dependabot security alerts (#3840)

Browse source 
Update next (16.2.3), vite (7.3.2+), react/react-dom (19.2.5),
@vitejs/plugin-rsc (0.5.23), react-server-dom-webpack (19.2.5),
and add overrides for lodash (4.18.0), lodash-es (4.18.0),
basic-ftp (5.2.2) to fix high/medium severity vulnerabilities
including DoS, code injection, prototype pollution, CRLF injection,
arbitrary file read, and path traversal.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Huang Xin 2026-04-12 12:44:30 +08:00 committed by GitHub
parent f86bbbcc22
commit 95ff526140
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 721 additions and 872 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
apps/readest-app/package.json
View file

@ -148,15 +148,15 @@
"lunr": "^2.3.9",
"marked": "^15.0.12",
"nanoid": "^5.1.6",
"next": "16.2.2",
"next": "16.2.3",
"next-view-transitions": "^0.3.5",
"nunjucks": "^3.2.4",
"overlayscrollbars": "^2.11.4",
"overlayscrollbars-react": "^0.5.6",
"posthog-js": "^1.246.0",
"react": "19.2.4",
"react": "19.2.5",
"react-color": "^2.19.3",
"react-dom": "19.2.4",
"react-dom": "19.2.5",
"react-i18next": "^15.2.0",
"react-icons": "^5.4.0",
"react-responsive": "^10.0.0",
@ -198,7 +198,7 @@
"@types/ws": "^8.18.1",
"@typescript/native-preview": "7.0.0-dev.20260312.1",
"@vitejs/plugin-react": "^5.1.1",
"@vitejs/plugin-rsc": "^0.5.21",
"@vitejs/plugin-rsc": "^0.5.23",
"@vitest/browser-playwright": "^4.0.18",
"@vitest/browser-webdriverio": "^4.0.18",
"@vitest/coverage-v8": "^4.0.18",
@ -222,12 +222,12 @@
"postcss-cli": "^11.0.0",
"postcss-nested": "^7.0.2",
"raw-loader": "^4.0.2",
"react-server-dom-webpack": "^19.2.4",
"react-server-dom-webpack": "^19.2.5",
"serwist": "^9.3.0",
"tailwindcss": "^3.4.18",
"typescript": "^5.7.2",
"vinext": "^0.0.21",
"vite": "^7.3.1",
"vite": "^7.3.3",
"vite-tsconfig-paths": "^5.1.4",
"vitest": "^4.0.18",
"wrangler": "^4.81.1"

6
package.json
View file

@ -32,7 +32,7 @@
"overrides": {
"glob": ">=11.1.0",
"jws": ">=4.0.1",
"vite": ">=7.3.1",
"vite": ">=7.3.2 <8",
"srvx": ">=0.11.13",
"rollup": ">=4.59.0",
"undici": ">=7.24.0",
@ -43,7 +43,9 @@
"path-to-regexp": ">=8.4.0",
"serialize-javascript": ">=7.0.5",
"fast-xml-parser": ">=5.5.7",
"lodash-es": ">=4.17.23",
"lodash": ">=4.18.0",
"lodash-es": ">=4.18.0",
"basic-ftp": ">=5.2.2",
"@babel/runtime": ">=7.26.10",
"@babel/helpers": ">=7.26.10",
"mdast-util-gfm-autolink-literal": "2.0.1",

1575
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff