mirror of
https://github.com/ankitects/anki.git
synced 2026-06-10 02:42:06 -04:00
## Summary

Consolidates 8 open Dependabot PRs into a single security-focused batch.

### Addressed advisories

- GHSA: tar (Cargo) [#296](https://github.com/ankitects/anki/security/dependabot/296)
- @tootallnate/once [#295](https://github.com/ankitects/anki/security/dependabot/295)
- ws [#293](https://github.com/ankitects/anki/security/dependabot/293)
- openssl [#292](https://github.com/ankitects/anki/security/dependabot/292)
- idna [#291](https://github.com/ankitects/anki/security/dependabot/291)
- devalue [#287](https://github.com/ankitects/anki/security/dependabot/287)/[#239](https://github.com/ankitects/anki/security/dependabot/239)/[#217](https://github.com/ankitects/anki/security/dependabot/217)/[#216](https://github.com/ankitects/anki/security/dependabot/216)
- postcss [#275](https://github.com/ankitects/anki/security/dependabot/275)
- svelte [#286](https://github.com/ankitects/anki/security/dependabot/286)/[#288](https://github.com/ankitects/anki/security/dependabot/288)/[#289](https://github.com/ankitects/anki/security/dependabot/289)
- lodash-es [#258](https://github.com/ankitects/anki/security/dependabot/258)/[#259](https://github.com/ankitects/anki/security/dependabot/259)
- @sveltejs/kit [#294](https://github.com/ankitects/anki/security/dependabot/294)

### Sources

Merged from PRs: #4914, #4887, #4867, #4866, #4865, #4846, #4744, #4892.

### Not addressed — rand (Cargo) [#268](https://github.com/ankitects/anki/security/dependabot/268)

PR #4741 (rand 0.9.4 → 0.10.1) was excluded because `fsrs 5.2.0` still depends on `rand 0.9.4`. The rand 0.10 API changes (`Rng` → `RngExt`) cause a compile error at the `PostSchedulingFn` boundary. This will be unblocked when fsrs is upgraded.

### Not addressed (transitive — follow-up)

- urllib3 [#284](https://github.com/ankitects/anki/security/dependabot/284)/[#283](https://github.com/ankitects/anki/security/dependabot/283)
- GitPython [#282](https://github.com/ankitects/anki/security/dependabot/282)
- ip-address [#276](https://github.com/ankitects/anki/security/dependabot/276)
- pytest [#266](https://github.com/ankitects/anki/security/dependabot/266)
- Pygments [#256](https://github.com/ankitects/anki/security/dependabot/256)
- brace-expansion [#255](https://github.com/ankitects/anki/security/dependabot/255)/[#158](https://github.com/ankitects/anki/security/dependabot/158)
- picomatch [#253](https://github.com/ankitects/anki/security/dependabot/253)/[#252](https://github.com/ankitects/anki/security/dependabot/252)
- tar (npm) [#238](https://github.com/ankitects/anki/security/dependabot/238)/[#235](https://github.com/ankitects/anki/security/dependabot/235)/[#209](https://github.com/ankitects/anki/security/dependabot/209)
- immutable [#231](https://github.com/ankitects/anki/security/dependabot/231)
- minimatch [#227](https://github.com/ankitects/anki/security/dependabot/227)/[#226](https://github.com/ankitects/anki/security/dependabot/226)/[#221](https://github.com/ankitects/anki/security/dependabot/221)
- fabric [#211](https://github.com/ankitects/anki/security/dependabot/211)

These need manual `yarn.lock` resolutions / `uv.lock` overrides.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Anki's TypeScript and Sass dependencies. Some TS/JS code is also stored separately in ../qt/aqt/data/web/.
To update all dependencies:
./update.sh
To add a new dev dependency, use something like:
./add.sh -D @rollup/plugin-alias