Commit 8cf8312
committed
fix(website): resolve Dependabot security alerts (serialize-javascript, undici, svgo, minimatch, dompurify)
- serialize-javascript: 7.0.3 (RCE via RegExp.flags/toISOString)
- undici: 7.24.1 (WebSocket/server_max_window_bits, permessage-deflate, CRLF, smuggling, DoS)
- svgo: 3.3.3 (Billion Laughs DoS in DOCTYPE)
- minimatch: 10.2.3 (ReDoS GLOBSTAR and extglobs)
- dompurify: 3.3.3 (XSS)
Added resolutions (yarn) and overrides (npm) to pin patched versions.
npm audit and lockfiles regenerated; 0 vulnerabilities.
Made-with: Cursor1 parent 7d8abad commit 8cf8312
3 files changed
Lines changed: 340 additions & 404 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
62 | 62 | | |
63 | 63 | | |
64 | 64 | | |
65 | | - | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
66 | 70 | | |
67 | 71 | | |
68 | 72 | | |
69 | 73 | | |
70 | 74 | | |
71 | 75 | | |
72 | 76 | | |
73 | | - | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
74 | 82 | | |
75 | 83 | | |
0 commit comments