Skip to content

Commit 567fdef

Browse files
notgitikanotgitika
authored
fix: override fast-xml-parser to 5.3.6 for CVE-2026-26278 (#330)
1 parent 66f3f91 commit 567fdef

File tree

2 files changed

+13
-5
lines changed

2 files changed

+13
-5
lines changed

package-lock.json

Lines changed: 7 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -120,6 +120,12 @@
120120
"typescript-eslint": "^8.50.1",
121121
"vitest": "^4.0.18"
122122
},
123+
"overridesComments": {
124+
"fast-xml-parser": "CVE-2026-26278: @aws-sdk/xml-builder pins fast-xml-parser@5.3.4 which is vulnerable to DoS via entity expansion. Remove this override once @aws-sdk/xml-builder updates its pin to >=5.3.6."
125+
},
126+
"overrides": {
127+
"fast-xml-parser": "5.3.6"
128+
},
123129
"engines": {
124130
"node": ">=20"
125131
},

0 commit comments

Comments
 (0)