Skip to content

Commit b53db22

Browse files
committed
chore(deps): bump vite/undici/form-data/markdown-it/esbuild (dependabot)
Closes eight Dependabot alerts in the JS build/test toolchain (devDependencies, not shipped to users): vite 8.0.16, undici 7.28.0, form-data 4.0.6, markdown-it 14.2.0, esbuild 0.28.1. All within existing constraints; npm audit reports 0 vulnerabilities. Build + vitest + typecheck pass.
1 parent 74a13f8 commit b53db22

2 files changed

Lines changed: 285 additions & 213 deletions

File tree

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1012,6 +1012,12 @@ ones are marked like "v1.0.0-fork".
10121012

10131013
### Changed
10141014

1015+
* **Dependency security bumps** closing twelve Dependabot advisories. PHP
1016+
runtime: `guzzlehttp/guzzle` 7.10.0 → 7.12.1, `guzzlehttp/psr7` 2.9.0 →
1017+
2.12.1 (cookie-domain, proxy-downgrade, and URI-host issues). JS build/test
1018+
toolchain (not shipped to users): `vite` → 8.0.16, `undici` → 7.28.0,
1019+
`form-data` → 4.0.6, `markdown-it` → 14.2.0, `esbuild` → 0.28.1. All within
1020+
existing version constraints; `composer audit` and `npm audit` both clean.
10151021
* The archive-detect / extract / find-by-extension flow is now extracted
10161022
into `DictionaryImportFileResolver` and shared by the curated import,
10171023
legacy `/dictionaries/import`, and unified `/word/upload` routes. No

0 commit comments

Comments
 (0)