mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-16 22:05:20 +00:00
Resolves the open Dependabot alerts on 2.x plus a laravel/framework
advisory surfaced by composer audit:
- vite 8.0.3 -> 8.0.5 (npm) — keeps rolldown 1.0.0-rc.12 so the build
stays correct; vite 8.0.15+ pulls the broken rolldown 1.0.3
- laravel/framework -> 13.15.0 (CVE-2026-48019, CRLF injection in the
default email validation rule)
- symfony/{mime,http-kernel,mailer,routing,yaml,polyfill-intl-idn} and
guzzlehttp/psr7 -> patched releases
composer audit clean; frontend build verified (no dangling chunk refs).
1.6 KiB
1.6 KiB