chore(deps): bump on-headers to ^1.1.0 (#5704)

antonis · claude · web-flow · commit 35b66e7a226c · 2026-02-27T11:18:02.000Z
Adds a yarn resolution to force on-headers to &gt;=1.1.0, patching
HTTP response header manipulation vulnerability (affected range: &lt; 1.1.0).

Co-authored-by: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/package.json b/package.json
@@ -65,6 +65,7 @@
     "qs": "^6.14.2",
     "lodash": "^4.17.23",
     "tar-fs": "^3.1.1",
+    "on-headers": "^1.1.0",
     "diff": "^5.2.2",
     "tar": "^7.5.7"
   },
diff --git a/yarn.lock b/yarn.lock
@@ -27635,10 +27635,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"on-headers@npm:~1.0.2":
-  version: 1.0.2
-  resolution: "on-headers@npm:1.0.2"
-  checksum: 2bf13467215d1e540a62a75021e8b318a6cfc5d4fc53af8e8f84ad98dbcea02d506c6d24180cd62e1d769c44721ba542f3154effc1f7579a8288c9f7873ed8e5
+"on-headers@npm:^1.1.0":
+  version: 1.1.0
+  resolution: "on-headers@npm:1.1.0"
+  checksum: 98aa64629f986fb8cc4517dd8bede73c980e31208cba97f4442c330959f60ced3dc6214b83420491f5111fc7c4f4343abe2ea62c85f505cf041d67850f238776
   languageName: node
   linkType: hard
 
