Files
InvoiceShelf/package.json
Darko Gjorgjijoski f07b41fe55 fix(security): patch 7 vulnerable frontend deps on the v3 line (#654)
Clears all 7 npm advisories surfaced by `yarn audit` (3 high, 4 moderate -> 0).
These are not surfaced by Dependabot since 3.x is not the default branch.

- axios            1.14.0  -> 1.17.0  (high; was exact-pinned)
- vite             8.0.3   -> 8.0.16  (high)
- marked           18.0.1  -> 18.0.5  (high; AI-chat markdown parser)
- dompurify        3.3.3   -> 3.4.8   (moderate; AI-chat HTML sanitizer)
- postcss          8.5.8   -> 8.5.15  (moderate)
- follow-redirects 1.15.11 -> 1.16.0  (moderate)
- brace-expansion  5.0.5   -> 5.0.6   (moderate; dev-only transitive under eslint, pinned via resolutions)

Updates the tracked yarn.lock; `yarn build` verified.
2026-06-11 09:10:57 +02:00

1.9 KiB