Commit a960cbe
fix(deps): bump diff to ^9.0.0 to clear GHSA-73rr-hh4g-fpgx (#1588)
`npm audit` flags diff@7.0.0 with a low-severity DoS in
parsePatch/applyPatch (GHSA-73rr-hh4g-fpgx, affected 6.0.0–8.0.2,
fixed in 9.0.0). gstack uses diff against local content the user
controls so practical risk is low, but the advisory surfaces on every
audit pass and blocks clean supply-chain runs for users vendoring
gstack.
The 9.0.0 breaking changes only touch parsePatch / applyPatch /
createPatch and the ESM/CJS exports. Both call sites in this repo
(browse/src/snapshot.ts:568, browse/src/meta-commands.ts:712) use
`Diff.diffLines`, whose signature and return shape are unchanged in
v9, so this is a no-op at runtime.

1 parent 026751e commit a960cbe
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
48 | | - | |
| 48 | + | |
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
| |||
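Review bot: the single replaced line at line 48 is the only change shown out of the 3 additions and 3 deletions across 2 files, so the "no-op at runtime" claim rests on the commit message alone. I would confirm that the second changed file resolves diff to 9.x only, with no copy in the affected 6.0.0–8.0.2 range left in the dependency tree, and re-run `npm audit` to check that GHSA-73rr-hh4g-fpgx no longer appears. A small test that calls `Diff.diffLines` the way browse/src/snapshot.ts and browse/src/meta-commands.ts do, asserting on the return shape those call sites read, would make a future major bump fail in CI instead of at runtime.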