
Commit e977c15

fix: update dependency overrides for security vulnerabilities
Add pnpm overrides for 7 audit findings (3 high, 4 moderate):
- undici >=7.24.0 (via wrangler>miniflare): WebSocket 64-bit length overflow crash, unbounded memory in permessage-deflate decompression, unhandled exception from invalid server_max_window_bits, HTTP request/response smuggling, CRLF injection via upgrade option, unbounded memory in DeduplicationHandler response buffering
- brace-expansion >=5.0.5 (via eslint>minimatch): zero-step sequence causes process hang and memory exhaustion
1 parent bc476e4 commit e977c15

2 files changed

Lines changed: 15 additions & 9 deletions


package.json

Lines changed: 4 additions & 1 deletion
@@ -98,7 +98,10 @@
9898
},
9999
"overrides": {
100100
"cookie@<0.7.0": ">=0.7.0",
101-
"js-yaml@<4.1.1": ">=4.1.1"
101+
"js-yaml@<4.1.1": ">=4.1.1",
102+
"undici@>=7.0.0 <7.24.0": ">=7.24.0",
103+
"undici@>=7.17.0 <7.24.0": ">=7.24.0",
104+
"brace-expansion@<5.0.5": ">=5.0.5"
102105
}
103106
}
104107
}
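Review bot: The second undici selector added at line 103, `undici@>=7.17.0 <7.24.0`, is fully contained in the first at line 102, `undici@>=7.0.0 <7.24.0`, and both map to the same target `>=7.24.0`, so the narrower entry changes nothing in resolution; drop it, or if it is kept to mirror a separate advisory range, record that in the commit message since package.json cannot carry a comment. Separately, `brace-expansion@<5.0.5` has no lower bound, so it also lifts any older major of brace-expansion in the tree to 5.x or later, and the open-ended `>=` targets allow a future major to be selected on the next lockfile refresh. Consider bounding the selectors and targets to the intended major (for example a caret range on the fixed version) and confirming that the eslint and wrangler toolchains still run against the versions resolved in pnpm-lock.yaml.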

pnpm-lock.yaml

Lines changed: 11 additions & 8 deletions
Some generated files are not rendered by default.
