Fix vitest and axios vulnerabilities (#187)

diegopinate · web-flow · commit cd9aceac1f28 · 2025-03-14T14:00:17.000-04:00
Addresses: GHSA-9crc-q9x8-hgqq
diff --git a/.changeset/afraid-coats-find.md b/.changeset/afraid-coats-find.md
@@ -0,0 +1,5 @@
+---
+"@itwin/changed-elements-react": patch
+---
+
+Fix vitest and axios vulnerabilities
diff --git a/package.json b/package.json
@@ -22,8 +22,8 @@
   },
   "dependencies": {
     "@changesets/cli": "^2.27.11",
+    "@changesets/types": "6.0.0",
     "@types/node": "^18.11.9",
-    "@changesets/types":"6.0.0",
     "@typescript-eslint/eslint-plugin": "^7.4.0",
     "@typescript-eslint/parser": "^7.4.0",
     "eslint": "^8.57.0",
@@ -32,5 +32,13 @@
     "npm-run-all": "^4.1.5",
     "ts-node": "^10.9.1",
     "typescript": "~5.5.4"
+  },
+  "pnpm": {
+    "overrides": {
+      "dompurify@<3.2.4": ">=3.2.4",
+      "esbuild@<=0.24.2": ">=0.25.0",
+      "axios@<1.8.2": ">=1.8.2",
+      "@babel/runtime@<7.26.10": ">=7.26.10"
+    }
   }
 }
diff --git a/packages/changed-elements-react/package.json b/packages/changed-elements-react/package.json
@@ -69,7 +69,7 @@
     "redux": "^4.1.0",
     "typescript": "~5.5.4",
     "vite": "^5.4.11",
-    "vitest": "^2.1.1"
+    "vitest": "^2.1.9"
   },
   "peerDependencies": {
     "@itwin/appui-abstract": "^4.10.6",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@itwin/changed-elements-react": patch
 +---
++
 +Fix vitest and axios vulnerabilities