Skip to content

chore(deps): bump axios/postcss/basic-ftp + serialize-javascript override#605

Merged
B4nan merged 2 commits intomasterfrom
chore/dependabot-lockfile-updates
May 6, 2026
Merged

chore(deps): bump axios/postcss/basic-ftp + serialize-javascript override#605
B4nan merged 2 commits intomasterfrom
chore/dependabot-lockfile-updates

Conversation

@B4nan
Copy link
Copy Markdown
Member

@B4nan B4nan commented May 6, 2026
edited
Loading

Summary

Resolves the bulk of open Dependabot alerts in pnpm-lock.yaml:

Out of scope

Not addressed — needs upstream

🤖 Generated with Claude Code

@B4nan @claude
chore(deps): bump axios/postcss/basic-ftp and override serialize-java…
aa620ac 
…script

Resolves the bulk of open Dependabot alerts in pnpm-lock.yaml:

- axios 1.15.0 -> 1.16.0 (closes #212-#224)
- postcss 8.5.9 -> 8.5.14 (closes #211)
- basic-ftp 5.2.2 -> 5.3.1 (closes #209)
- serialize-javascript 6.0.2 -> 7.0.5 via workspace override on
  copy-webpack-plugin and css-minimizer-webpack-plugin (closes #205, #208)

Not addressed: file-type alerts (#206, #207). The vulnerable 20.5.0
is pinned by @crawlee/utils@3.16.0 (still declares file-type ^20.0.0
in latest), and bumping to 21.x is a major across an API surface that
crawlee depends on at runtime — needs an upstream crawlee bump first.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@B4nan B4nan added the adhoc Ad-hoc unplanned task added during the sprint. label May 6, 2026
@github-actions github-actions Bot added this to the 140th sprint - Tooling team milestone May 6, 2026
@github-actions github-actions Bot added the t-tooling Issues with this label are in the ownership of the tooling team. label May 6, 2026
@B4nan @claude
chore(deps): drop unused serialize-javascript override
73a4d66 
The serialize-javascript Dependabot alerts (#205, #208) are dismissed as
not_used (rspack pipeline doesn't pull the webpack/terser path that loads
serialize-javascript at runtime), so the override is no longer needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@B4nan B4nan merged commit 8b62c69 into master May 6, 2026
9 of 10 checks passed
@B4nan B4nan deleted the chore/dependabot-lockfile-updates branch May 6, 2026 10:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@B4nan B4nan

Labels

adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team.

Projects

None yet

Milestone

140th sprint - Tooling team

Development

Successfully merging this pull request may close these issues.

2 participants

@B4nan @apify-service-account