Mirrors_Framework/PX4-Autopilot
1
0
Fork 0
mirror of https://github.com/PX4/PX4-Autopilot.git synced 2026-05-20 20:03:54 +08:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

fix(build): resolve Dependabot security alerts (#26729)

Browse Source 
Fix 4 Dependabot alerts:
- CVE-2021-34141: remove duplicate vulnerable numpy==1.21.5 pin
- markdown-it ReDoS (>= 13.0.0, < 14.1.1): add yarn resolution to 14.1.1
- preact JSON VNode injection: resolved by yarn upgrade to 10.29.0
- esbuild dev server request leak (<= 0.24.2): add yarn resolution to 0.25.0

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
This commit is contained in:
Ramon Roche
2026-03-12 12:40:35 -07:00
committed by GitHub
parent ab6c9b7909
commit 3ed2f23d9c
3 changed files with 491 additions and 446 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/package.json
+4
View File
@@ -27,5 +27,9 @@
},
"devDependencies": {
"prettier": "^3.2.0"
},
"resolutions": {
"markdown-it": "^14.1.1",
"esbuild": "^0.25.0"
}
}
docs/yarn.lock
+487 -445
View File
File diff suppressed because it is too large Load Diff
src/modules/ekf2/EKF/python/tuning_tools/baro_static_pressure_compensation/requirements.txt
-1
View File
@@ -1,6 +1,5 @@
matplotlib==3.5.1
numpy==1.22.2
numpy==1.21.5
numpy_quaternion==2022.4.3
pyulog==0.9.0
scipy==1.8.0