Skip to content

Commit af81fd2

Browse files
committed
fix: resolve critical vulnerabilities and upgrade Docker base image
Security Updates: - Update protobufjs 7.5.4→7.5.6 (CVE-2026-41242 RCE fix) - Update handlebars 4.7.8→4.7.9 (CVE-2026-33937 template injection) - Update form-data 2.3.3→4.0.5 (CVE-2025-7783 critical fix) - Update winston 3.4.0→3.19.0, express 4.22.1→5.2.1 - Update helmet 7.2.0→8.1.0, bcrypt 5.1.1→6.0.0 - Update validator, unzipper, supertest to latest secure versions Dependency Management: - Add explicit versions for protobufjs, handlebars, form-data to package.json - Force secure versions of transitive dependencies via dependency pinning - Prevent vulnerable versions from being pulled by parent packages Infrastructure: - Upgrade Docker base image: node:24-alpine3.21 → node:24-alpine3.23 - Improve container security with latest Alpine Linux patches Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
1 parent 0c12bd1 commit af81fd2

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -128,9 +128,9 @@
128128
"winston-daily-rotate-file": "^5.0.0",
129129
"winston-elasticsearch": "0.16.0",
130130
"xml-js": "^1.6.11",
131-
"protobufjs": "^7.5.5",
131+
"protobufjs": "^7.5.6",
132132
"handlebars": "^4.7.9",
133-
"form-data": "^4.0.4"
133+
"form-data": "^4.0.5"
134134
},
135135
"devDependencies": {
136136
"@nestjs/cli": "catalog:",

0 commit comments

Comments
 (0)