Commit ce27741
Fix prismjs DOM Clobbering vulnerability (Dependabot #45)
Add npm override in app/package.json to force prismjs ^1.30.0,
resolving the vulnerable 1.27.0 version nested under refractor 3.x
(transitive dep of react-syntax-highlighter).
Note: The remaining Dependabot alerts (pypdf #47-60, requests #46)
cannot be fixed here — they are pinned by upstream dependencies
(graphrag-sdk pins pypdf<6.0.0, multilspy pins requests==2.32.3).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent e844a53 commit ce27741
2 files changed
Lines changed: 3 additions & 9 deletions
Some generated files are not rendered by default.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
44 | 47 | | |
45 | 48 | | |
46 | 49 | | |
| |||
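Review bot: The three lines added at 44-46 are the override the commit message describes (prismjs forced to ^1.30.0 in app/package.json), and package.json has no comment syntax, so the reason for the override lives only in the commit message. Suggest recording the reason and the removal condition (refractor 3.x no longer pulling in prismjs 1.27.0) somewhere that travels with the repository. Also confirm with npm ls prismjs in app/ that no 1.27.0 copy remains under refractor, because the caret range leaves the exact resolved version to the generated file, which is not rendered on this page.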