Fix high-severity Dependabot alerts (#2801)
## Summary

- **Go**: Update `buger/jsonparser` 1.1.1 → 1.1.2 (DoS fix)
- **Django**: Update 4.2.27 → 4.2.29 (SQL injection + uncontrolled resource consumption fixes)
- **Rails example**: Upgrade Rails 7.1.5 → 7.2.0, bringing rack 2.2.14 → 3.2.5 (directory traversal + Active Storage path traversal fixes)
- **VS Code extension**: Add yarn resolutions to update minimatch 3.1.2 → 3.1.5 (ReDoS) and serialize-javascript 6.0.2 → 7.0.4 (RCE via RegExp.flags)

## Test plan

- [ ] Verify `go build ./...` still passes
- [ ] Verify VS Code extension compiles (`cd vscode-extension && yarn compile`)
- [ ] Confirm Dependabot alerts close after merge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mike Landau committed
ab5eba0cf5436da18dd380ba41af328949345c21
Parent: f82a364
Committed by GitHub <noreply@github.com>
on 3/25/2026, 12:28:31 AM