Skip to content

Commit a90dc7c

Browse files
fix: replace pre-commit with @fastify/pre-commit
The pre-commit package is unmaintained and carried a vulnerable version of cross-spawn (CVE-2024-21538). @fastify/pre-commit is a maintained drop-in replacement that ships with a safe cross-spawn@^7.0.3. Also removes the now-unnecessary cross-spawn override. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 0fa4050 commit a90dc7c

2 files changed

Lines changed: 50 additions & 122 deletions

File tree

package-lock.json

Lines changed: 49 additions & 120 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,7 @@
6161
"@babel/plugin-transform-runtime": "^7.12.1",
6262
"@babel/preset-env": "^7.23.5",
6363
"@babel/register": "^7.0.0",
64+
"@fastify/pre-commit": "^2.2.1",
6465
"@types/jest": "^29.5.14",
6566
"@types/node": "^18.13.0",
6667
"@types/qs": "^6.9.7",
@@ -79,7 +80,6 @@
7980
"minimist": "^1.2.5",
8081
"mocha": "^10.2.0",
8182
"nock": "^13.5.6",
82-
"pre-commit": "^1.2.2",
8383
"regenerator-runtime": "^0.13.7",
8484
"shelljs": "^0.8.4",
8585
"sinon": "^7.2.0",
@@ -89,7 +89,6 @@
8989
},
9090
"overrides": {
9191
"minimatch": "^10.2.1",
92-
"cross-spawn": "^7.0.6",
9392
"serialize-javascript": "^7.0.4"
9493
},
9594
"lint-staged": {

0 commit comments

Comments
 (0)