Commit a0ed07c
security: Fix Dependabot vulnerabilities (2 high severity)
Fixed vulnerabilities:
- Next.js: Upgrade to 15.5.10 (fixes DoS via React Server Components)
- tar: Override to v7.5.7+ (fixes arbitrary file creation via hardlink traversal)
Remaining (accepted):
- Next.js PPR Resume Endpoint (moderate severity) - requires major version upgrade to v16
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>1 parent b3451ef commit a0ed07c
2 files changed
Lines changed: 15 additions & 12 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
14 | 17 | | |
15 | 18 | | |
16 | 19 | | |
| |||
20 | 23 | | |
21 | 24 | | |
22 | 25 | | |
23 | | - | |
| 26 | + | |
24 | 27 | | |
25 | 28 | | |
26 | 29 | | |
| |||
0 commit comments