
Commit 95f66b4

fix(deps): address 8 client and API dependency vulnerabilities (#342)

* fix(deps): upgrade axios to 1.15.0 to fix SSRF, metadata exfiltration, and DoS vulnerabilities (GHSA-3p68-rc4w-qgx5, GHSA-fvcv-3m26-pcqx, GHSA-4hjh-wcwx-xvwj, GHSA-43fc-jf86-j433)
* fix(deps): pin vite to 6.4.2 via scoped override to fix arbitrary file read via dev server WebSocket (GHSA-p9ff-h696-f583)
* fix(deps): pin picomatch to 2.3.2 and 4.0.4 via scoped overrides to fix ReDoS via extglob quantifiers (GHSA-c2c7-rcm5-vvqj)
* fix(deps): pin lodash to 4.18.1 via scoped override to fix code injection via _.template imports (GHSA-r5fr-rjxr-66jc)
1 parent 98bbfb7 commit 95f66b4

2 files changed

Lines changed: 4513 additions & 1 deletion

package.json

Lines changed: 9 additions & 1 deletion
@@ -13,14 +13,22 @@
1313
"splitenv": "node scripts/splitenv.mts .env API CLIENT DATABASE LOAD_TESTS WEBSHOT",
1414
"test:splitenv": "vitest run scripts/splitenv.test.mts"
1515
},
16+
"pnpm": {
17+
"overrides": {
18+
"vitest>vite": "6.4.2",
19+
"micromatch>picomatch": "2.3.2",
20+
"vite>picomatch": "4.0.4",
21+
"archiver-utils>lodash": "4.18.1"
22+
}
23+
},
1624
"devDependencies": {
1725
"@eslint/eslintrc": "3.3.0",
1826
"@eslint/js": "9.22.0",
1927
"@types/config": "3.3.5",
2028
"@types/node": "22.13.10",
2129
"@types/supertest": "6.0.2",
2230
"@vitest/coverage-v8": "3.1.1",
23-
"axios": "1.8.4",
31+
"axios": "1.15.0",
2432
"config": "3.3.12",
2533
"cross-env": "7.0.3",
2634
"env-cmd": "10.1.0",
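Review bot: the new `pnpm.overrides` block uses parent-scoped selectors (`"vitest>vite": "6.4.2"`, `"micromatch>picomatch": "2.3.2"`, `"archiver-utils>lodash": "4.18.1"`), which rewrite only that one edge of the dependency graph; any other package that pulls in vite, picomatch or lodash through a different parent keeps the version it resolved before, so the advisories listed in the commit message can remain reachable on a path the overrides do not name. Suggest verifying the installed tree after this change (for example `pnpm why vite`, `pnpm why picomatch`, `pnpm why lodash`, then `pnpm audit`) and, since JSON cannot carry comments, recording the GHSA IDs next to these pins in the project's changelog or README so that a later vitest or micromatch upgrade which no longer needs the override is recognised and the pin removed rather than silently holding an old version. The `axios` change from `1.8.4` to `1.15.0` is a direct devDependency bump and needs no such follow-up. Note also that only `package.json` is shown here although the summary reports 2 files changed with 4513 additions; the second file's diff should be checked to confirm the lockfile resolved to the pinned versions.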

0 commit comments
