Skip to content

[code-infra] Address high/critical dependabot reports #46937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Janpot merged 3 commits into from
Sep 15, 2025
Merged

[code-infra] Address high/critical dependabot reports #46937

Janpot merged 3 commits into from
Sep 15, 2025

Conversation

@Janpot
Copy link
Member

@Janpot Janpot commented Sep 15, 2025
edited
Loading

Just selectively, going through the reports from critical => low. Addressing the high and critical ones

@Janpot Janpot added security Pull requests that address a security vulnerability. scope: code-infra Involves the code-infra product (https://www.notion.so/mui-org/5562c14178aa42af97bc1fa5114000cd). labels Sep 15, 2025
@mui-bot
Copy link

mui-bot commented Sep 15, 2025
edited
Loading

Netlify deploy preview

https://deploy-preview-46937--material-ui.netlify.app/

Bundle size report

Bundle Parsed size Gzip size
@mui/material 0B(0.00%) 0B(0.00%)
@mui/lab 0B(0.00%) 0B(0.00%)
@mui/system 0B(0.00%) 0B(0.00%)
@mui/utils 0B(0.00%) 0B(0.00%)

Details of bundle changes

Generated by 🚫 dangerJS against 79036e6

@Janpot Janpot marked this pull request as ready for review September 15, 2025 12:42
@Janpot Janpot requested a review from a team September 15, 2025 12:42
brijeshb42
brijeshb42 reviewed Sep 15, 2025
View reviewed changes
Copy link
Contributor

@brijeshb42 brijeshb42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you make the changes manually?

@Janpot
Copy link
Member Author

Janpot commented Sep 15, 2025

I can't get pnpm to selectively update a transitive dependency. But you can emulate the behavior by removing their entry from the lockfile manually, then pnpm dedupe.

@Janpot Janpot merged commit 71a2b15 into mui:master Sep 15, 2025
19 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brijeshb42 brijeshb42 brijeshb42 left review comments

Assignees

No one assigned

Labels

scope: code-infra Involves the code-infra product (https://www.notion.so/mui-org/5562c14178aa42af97bc1fa5114000cd). security Pull requests that address a security vulnerability.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Janpot @mui-bot @brijeshb42