Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upgrade vulnerable dependency versions (#1023)
The following dependencies were listed as vulnerable by npm audit: - @sveltejs/kit: v1.30.3->v1.30.4 due to (low): - undici: v5.26.5->v5.28.3 (low) - vite: v4.5.1 -> v4.5.2 (**high**) This patch fixes the following vulnerabilities: - undici: GHSA-3787-6prv-h9w3 (proxy-authorization header...) - vite: GHSA-c24v-8rfc-w8vw (server.fs.deny bypass...) Except for svelte-check (fails due to lack of environment), all checks pass per `npm run all`. Site loads correctly on `npm run dev`. Signed-off-by: Amy Parker <amy@amyip.net> Co-authored-by: Ethan Davidson <31261035+EthanThatOneKid@users.noreply.github.com>
- Loading branch information