fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-04-14 10:07:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(build): resolve Dependabot security alerts (#26729)

Browse Source 
Fix 4 Dependabot alerts:
- CVE-2021-34141: remove duplicate vulnerable numpy==1.21.5 pin
- markdown-it ReDoS (>= 13.0.0, < 14.1.1): add yarn resolution to 14.1.1
- preact JSON VNode injection: resolved by yarn upgrade to 10.29.0
- esbuild dev server request leak (<= 0.24.2): add yarn resolution to 0.25.0

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
This commit is contained in:
Ramon Roche 2026-03-12 12:40:35 -07:00 committed by GitHub
parent ab6c9b7909
commit 3ed2f23d9c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 491 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/package.json
View File

@ -27,5 +27,9 @@
}, },
"devDependencies": { "devDependencies": {
"prettier": "^3.2.0" "prettier": "^3.2.0"
},
"resolutions": {
"markdown-it": "^14.1.1",
"esbuild": "^0.25.0"
} }
} }

932
docs/yarn.lock
View File

File diff suppressed because it is too large Load Diff

1
src/modules/ekf2/EKF/python/tuning_tools/baro_static_pressure_compensation/requirements.txt
View File

@ -1,6 +1,5 @@
matplotlib==3.5.1 matplotlib==3.5.1
numpy==1.22.2 numpy==1.22.2
numpy==1.21.5
numpy_quaternion==2022.4.3 numpy_quaternion==2022.4.3
pyulog==0.9.0 pyulog==0.9.0
scipy==1.8.0 scipy==1.8.0