Files
InvoiceShelf/package.json
Darko Gjorgjijoski 9c5b8776c6 fix(deps): bump vulnerable dependencies to patched versions (#674)
Resolves the open Dependabot alerts on 2.x plus a laravel/framework
advisory surfaced by composer audit:

- vite 8.0.3 -> 8.0.5 (npm) — keeps rolldown 1.0.0-rc.12 so the build
  stays correct; vite 8.0.15+ pulls the broken rolldown 1.0.3
- laravel/framework -> 13.15.0 (CVE-2026-48019, CRLF injection in the
  default email validation rule)
- symfony/{mime,http-kernel,mailer,routing,yaml,polyfill-intl-idn} and
  guzzlehttp/psr7 -> patched releases

composer audit clean; frontend build verified (no dangling chunk refs).
2026-06-12 09:47:43 +02:00

1.6 KiB