Barazo default frontend
barazo.forum
fix(security): force undici >=7.24.0 to resolve GHSA-f269-vfmq-vjvj (#227)
* fix(security): force undici >=7.24.0 to resolve GHSA-f269-vfmq-vjvj
Adds pnpm override for undici to fix HIGH severity vulnerability:
- CVE: GHSA-f269-vfmq-vjvj
- Issue: Malicious WebSocket 64-bit length overflows parser
- Path: isomorphic-dompurify > jsdom > undici
- Fixed versions: >=7.24.0
* chore: update lockfile for undici override
authored by
Guido X Jansen
and committed by
GitHub
a1c243dd
fa60b84f
+13
-11
+5
package.json
+5
package.json
+8
-11
pnpm-lock.yaml
+8
-11
pnpm-lock.yaml
···
34
34
specifier: 4.3.6
35
35
version: 4.3.6
36
36
37
+
overrides:
38
+
undici: '>=7.24.0'
39
+
37
40
importers:
38
41
39
42
.:
···
5177
5180
undici-types@7.18.2:
5178
5181
resolution: {integrity: sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==}
5179
5182
5180
-
undici@6.23.0:
5181
-
resolution: {integrity: sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==}
5182
-
engines: {node: '>=18.17'}
5183
-
5184
-
undici@7.21.0:
5185
-
resolution: {integrity: sha512-Hn2tCQpoDt1wv23a68Ctc8Cr/BHpUSfaPYrkajTXOS9IKpxVRx/X5m1K2YkbK2ipgZgxXSgsUinl3x+2YdSSfg==}
5183
+
undici@7.24.4:
5184
+
resolution: {integrity: sha512-BM/JzwwaRXxrLdElV2Uo6cTLEjhSb3WXboncJamZ15NgUURmvlXvxa6xkwIOILIjPNo9i8ku136ZvWV0Uly8+w==}
5186
5185
engines: {node: '>=20.18.1'}
5187
5186
5188
5187
unique-string@2.0.0:
···
7931
7930
parse5: 7.3.0
7932
7931
parse5-htmlparser2-tree-adapter: 7.1.0
7933
7932
parse5-parser-stream: 7.1.2
7934
-
undici: 6.23.0
7933
+
undici: 7.24.4
7935
7934
whatwg-mimetype: 4.0.0
7936
7935
7937
7936
chrome-launcher@0.13.4:
···
9312
9311
saxes: 6.0.0
9313
9312
symbol-tree: 3.2.4
9314
9313
tough-cookie: 6.0.0
9315
-
undici: 7.21.0
9314
+
undici: 7.24.4
9316
9315
w3c-xmlserializer: 5.0.0
9317
9316
webidl-conversions: 8.0.1
9318
9317
whatwg-mimetype: 5.0.0
···
10869
10868
10870
10869
undici-types@7.18.2: {}
10871
10870
10872
-
undici@6.23.0: {}
10873
-
10874
-
undici@7.21.0: {}
10871
+
undici@7.24.4: {}
10875
10872
10876
10873
unique-string@2.0.0:
10877
10874
dependencies: