Morph MORPH
SIGN IN SIGN UP
dhruvhead / rocketride-server UNCLAIMED
0 0 0 Python

chore(security): close 9 dependabot alerts (Jun-23 triage wave) (#1342)

Closes 9 of 14 open Dependabot alerts on this repo. Two floor bumps on
existing `pnpm.overrides` entries + one new entry; lockfile regenerated.

The remaining 5 alerts are cryptography (#191/#192/#193 — handled in
the #1290/#1291 PR pair and a follow-up for text_output) and nltk
(#202/#203 — patched=null, tracked upstream).

Alerts closed:

  #204  HIGH    undici                  >=7.24.0 → >=7.28.0
  #205  MED     undici                  (same line)
  #209  LOW     undici                  (same line)
  #210  HIGH    undici                  (same line)
  #211  HIGH    undici                  (same line)
  #212  MED     undici                  (same line)
  #213  LOW     undici                  (same line)
  #206  MED     webpack-dev-server      >=5.2.4 → >=5.2.5
  #214  MED     http-proxy-middleware   new entry: >=2.0.10 <3

Lockfile-verified single resolutions post-edit:
  undici@7.28.0
  webpack-dev-server@5.2.5
  http-proxy-middleware@2.0.10
A
Anand Ray committed
faf367c4fedbbf2a74bc9c38faefb8abbb94e1a7
Parent: 1b1c70b
Committed by GitHub <noreply@github.com> on 6/24/2026, 4:59:42 AM