Files
InvoiceShelf/package.json
Darko Gjorgjijoski 8c412fa2cf fix(security): bump axios, vite, postcss, follow-redirects to patched versions (#653)
Clears all 28 open Dependabot alerts on 2.x (13 high, 14 medium, 1 low),
which collapse to four frontend packages:

- axios 1.14.0 -> 1.16.0  (the bulk; exact-pinned, so Dependabot couldn't auto-PR)
- vite 8.0.3 -> 8.0.16    (>= 8.0.5 patched)
- follow-redirects 1.15.11 -> 1.16.0
- postcss 8.5.8 -> 8.5.15 (>= 8.5.10 patched)

Supersedes Dependabot PRs #629 (vite) and #630 (follow-redirects).
2026-06-05 00:41:32 +02:00

1.6 KiB