Commit 715a5a2
authored
fix: resolve high-severity npm audit vulnerabilities (#1184)
* fix: resolve high-severity npm audit vulnerabilities
Run npm audit fix to address:
- fast-xml-builder: attribute value quote bypass (high)
- fast-uri: path traversal via percent-encoded dot segments (high, prod dep)
- uuid: missing buffer bounds check (moderate)
Remaining moderate vulnerabilities are in @aws-sdk transitive deps
(fast-xml-parser < 5.7.0) which require upstream SDK updates.
* fix: remove stale fast-xml-parser and @aws-sdk/xml-builder overrides
Both override conditions are now met by upstream:
- @aws-sdk/xml-builder@3.972.22 pins fast-xml-parser@5.7.2
- @aws-sdk/core@3.974.8 requires @aws-sdk/xml-builder ^3.972.22
Removing the overrides allows the natural resolution to pick up
the patched versions, clearing the remaining moderate advisory
(GHSA-gh4j-gqv2-49f6, fast-xml-parser < 5.7.0).
security:audit now reports 0 vulnerabilities (--omit=dev).
1 parent 7bf41dd commit 715a5a2
2 files changed
Lines changed: 66 additions & 40 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
149 | 149 | | |
150 | 150 | | |
151 | 151 | | |
152 | | - | |
153 | | - | |
154 | 152 | | |
155 | 153 | | |
156 | 154 | | |
157 | 155 | | |
158 | | - | |
159 | | - | |
160 | 156 | | |
161 | 157 | | |
162 | 158 | | |
| |||
0 commit comments
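
The commit message relies on natural resolution picking up fast-xml-parser 5.7.0 or later once the overrides are gone; one way to confirm that for every installed copy, including nested ones, is to scan package-lock.json directly. This is an added example, not code from this commit or its repository: the function names and the sample lockfile are constructed, and it assumes a lockfileVersion 2 or 3 `packages` map.

```javascript
// Added example: list installed copies of a package that sit below a patched floor.

// "5.7.2" -> [5, 7, 2]. Simplification: prerelease tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not below the floor
}

// Lockfile keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageName(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// omitDev mirrors an audit run with --omit=dev: dev-only entries are skipped.
function findBelowFloor(lock, name, floor, { omitDev = true } = {}) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (packageName(path) !== name || !entry.version) continue;
    if (omitDev && entry.dev) continue;
    if (isBelow(entry.version, floor)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile: one hoisted patched copy, one stale nested copy,
// and one stale copy that is reachable only through a dev dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/@aws-sdk/xml-builder': { version: '3.972.22' },
    'node_modules/fast-xml-parser': { version: '5.7.2' },
    'node_modules/@aws-sdk/core/node_modules/fast-xml-parser': { version: '5.2.5' },
    'node_modules/some-dev-tool/node_modules/fast-xml-parser': { version: '4.5.0', dev: true },
  },
};
```

An empty result from `findBelowFloor(lock, 'fast-xml-parser', '5.7.0')` on the real lockfile is the state the commit message describes; any hit names the nested path that still resolves to an older copy.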