- Update @eslint/plugin-kit from <0.3.4 to >=0.3.4 to fix Regular Expression Denial of Service vulnerability
- Add security override in pnpm-workspace.yaml to enforce minimum secure version
- Update pnpm-lock.yaml with patched dependency versions
- Fix GitHub CI pipeline failure caused by security audit

Security fix:
- Addresses GHSA-xffm-g5w8-qvg7 vulnerability in ConfigCommentParser
- Prevents potential ReDoS attacks through malicious regex patterns
- Ensures development environment security compliance

Files modified:
- pnpm-workspace.yaml: Add security override for @eslint/plugin-kit
- pnpm-lock.yaml: Update dependency lock file with secure versions

This fix resolves the CI pipeline failure and ensures all dependencies meet security requirements.
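A check for the outcome this commit describes, as an added example that is not part of the original commit or the project's code: it scans lock-file text for any `@eslint/plugin-kit` entry still resolved below 0.3.4. The function names, the sample lock-file excerpt and the `some-linter` package are constructed for illustration.

```javascript
// Added example (not from the commit): flag @eslint/plugin-kit versions
// below 0.3.4 that remain in pnpm-lock.yaml text.
const PKG = '@eslint/plugin-kit';
const MIN_FIXED = '0.3.4'; // minimum version named in the commit message

// Numeric comparison of plain x.y.z versions: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns [{ line, version }] for every resolved version below minFixed.
// Matches package keys (pkg@1.2.3, /pkg/1.2.3) and dependency references
// ('pkg': 1.2.3). Range keys such as pkg@<0.3.4 are skipped, and
// pre-release suffixes are ignored.
function findVulnerable(lockText, pkg = PKG, minFixed = MIN_FIXED) {
  const esc = pkg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(`${esc}(?:@|/|['"]?:\\s*)(\\d+\\.\\d+\\.\\d+)`, 'g');
  const hits = [];
  lockText.split(/\r?\n/).forEach((text, idx) => {
    for (const m of text.matchAll(re)) {
      if (compareVersions(m[1], minFixed) < 0) {
        hits.push({ line: idx + 1, version: m[1] });
      }
    }
  });
  return hits;
}

// Constructed lock-file excerpt; versions and package names are sample data.
const SAMPLE_LOCK = [
  "lockfileVersion: '9.0'",
  'overrides:',
  "  '@eslint/plugin-kit@<0.3.4': '>=0.3.4'",
  'packages:',
  "  '@eslint/plugin-kit@0.3.3':",
  '    resolution: {integrity: sha512-PLACEHOLDER}',
  "  '@eslint/plugin-kit@0.3.5':",
  '    resolution: {integrity: sha512-PLACEHOLDER}',
  'snapshots:',
  '  some-linter@1.0.0:',
  '    dependencies:',
  "      '@eslint/plugin-kit': 0.2.8",
].join('\n');

for (const h of findVulnerable(SAMPLE_LOCK)) {
  console.log(`line ${h.line}: ${PKG}@${h.version} is below ${MIN_FIXED}`);
}
```

To check a real lock file, pass the contents of `pnpm-lock.yaml` to `findVulnerable` and fail the CI job when the returned array is not empty.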