This repository was archived by the owner on Jan 27, 2026. It is now read-only.

Commit a9768c7

fix: remediate CVE-2025-15284 in qs dependency
Add npm override to pin qs@6.14.1, fixing prototype pollution vulnerability in query string parsing.

Co-authored-by: Ona <no-reply@ona.com>
1 parent 84ff2aa commit a9768c7

2 files changed

Lines changed: 9 additions & 3 deletions


backend/catalog/package-lock.json

Lines changed: 6 additions & 3 deletions
Some generated files are not rendered by default.

backend/catalog/package.json

Lines changed: 3 additions & 0 deletions
@@ -2,6 +2,9 @@
22
"name": "catalog-service",
33
"version": "1.0.0",
44
"description": "Catalog service for Gitpod Flix",
5+
"overrides": {
6+
"qs": "6.14.1"
7+
},
58
"main": "src/index.ts",
69
"scripts": {
710
"start": "ts-node src/index.ts",
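Review bot: the added `"qs": "6.14.1"` entry under `"overrides"` pins one exact version onto every copy of qs in the dependency tree, so later qs patch releases stay held back until someone edits this line by hand. If the intent is "at least the fixed release", a range such as `"qs": "^6.14.1"` expresses that; if the exact pin is deliberate, record in the commit body or a tracking issue which dependency pulls in qs and when the override can be dropped, because package.json cannot carry a comment saying why it is there. The package-lock.json diff is not rendered on this page, so confirm with `npm ls qs` that every resolved copy is 6.14.1 and that no dependent in the tree declares a qs range outside 6.x that this top-level override would force. If qs is also listed under `dependencies` in this file, npm requires the override spec to match that entry exactly, which is worth checking since the `dependencies` block is outside this hunk.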
