Baoyuantop opened a new pull request, #3324:
URL: https://github.com/apache/apisix-dashboard/pull/3324
## Summary
- Resolve all 15 open Dependabot security alerts
- `pnpm audit` reports zero vulnerabilities after changes
- Build and lint pass cleanly
## Changes
### Direct dependency bumps (`package.json`)
- `axios` ^1.13.2 → ^1.13.5
- `qs` ^6.14.1 → ^6.14.2
- `@estruyf/github-actions-reporter` ^1.10.0 → ^1.11.0 (resolves `undici`
vulnerability via `@actions/core` 3.0.0 → `@actions/http-client` 4.0.0)
### pnpm overrides (transitive vulnerability fixes)
- `lodash` >=4.17.23, `lodash-es` >=4.17.23
- `minimatch` >=9.0.7
- `rollup` >=4.59.0
- `simple-git` >=3.32.3
- `diff` >=8.0.3
- `@swc/core` 1.10.0
### E2E test lint fixes
`eslint-plugin-playwright` 2.2.1 → 2.9.0 (upgraded transitively) introduced
new rules:
- `consistent-spacing-between-blocks`: added required blank lines between
test blocks
- `prefer-locator`: changed `page.textContent('body')` →
`page.locator('body').textContent()`
Affected 13 test files across consumer_groups, consumers, hot-path,
plugin_configs, protos, routes, secrets, services, stream_routes, and upstreams
specs.
## Verification
- [x] `pnpm audit` — zero vulnerabilities
- [x] `pnpm build` — TypeScript + Vite build passes
- [x] `pnpm lint` — zero errors, zero warnings
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
