chore: fix undici vuln #428

Merged: peppescg merged 1 commit into main from fix-undici-vuln, Mar 16, 2026
Conversation

@peppescg peppescg commented Mar 16, 2026

Collaborator

Upgrading better-auth to the latest will not solve the issue, so overrides are needed.

@peppescg peppescg self-assigned this Mar 16, 2026
Copilot AI review requested due to automatic review settings March 16, 2026 11:21
@github-actions github-actions Bot added the size/S Small PR: 100-299 lines changed label Mar 16, 2026

Copilot AI left a comment

Pull request overview

Updates dependency resolution to remediate an Undici security issue by forcing Undici v7 across the dependency graph, and regenerates the lockfile accordingly.

Changes:

  • Add a pnpm.overrides entry to force undici to v7.
  • Regenerate pnpm-lock.yaml, updating undici to 7.24.0 and refreshing related transitive dependencies (including new optional mongodb entries via better-auth).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| package.json | Adds a pnpm override for undici to steer installs away from vulnerable versions. |
| pnpm-lock.yaml | Applies the override in the lockfile and records updated resolved versions (notably undici@7.24.0 plus other transitive changes). |

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Comment thread package.json
Comment thread pnpm-lock.yaml
Comment thread pnpm-lock.yaml
@peppescg peppescg merged commit 845ce4e into main Mar 16, 2026
15 checks passed
@peppescg peppescg deleted the fix-undici-vuln branch March 16, 2026 11:42
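
A follow-up check for the override described in the review overview, as an added example that is not part of this PR or the project's code: it scans pnpm-lock.yaml text for every resolved undici version and reports any outside major 7. The function names and the sample lockfile are constructed for illustration.

```javascript
// Constructed sample in pnpm lockfile layout; NOT the project's real lockfile.
// It models a stale lockfile in which an old undici is still resolved.
const SAMPLE_LOCK = `
packages:

  better-auth@1.0.0:
    resolution: {integrity: sha512-PLACEHOLDER}

  undici@5.28.4:
    resolution: {integrity: sha512-PLACEHOLDER}

  undici@7.24.0:
    resolution: {integrity: sha512-PLACEHOLDER}

  undici-types@6.21.0:
    resolution: {integrity: sha512-PLACEHOLDER}

snapshots:

  undici@7.24.0: {}
`;

// Package keys look like "undici@7.24.0:", "/undici@7.24.0:" or
// "/undici/5.28.4:" depending on lockfile version, and may be quoted.
// Dependency lines ("undici: 7.24.0") and lookalike names
// ("undici-types@...") are deliberately not matched.
function resolvedVersions(lockText, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const key = new RegExp(
    `^\\s+['"]?/?${esc}[@/](\\d+\\.\\d+\\.\\d+[^\\s'":(]*)`, 'gm');
  const found = new Set();
  for (const m of lockText.matchAll(key)) found.add(m[1]);
  return [...found].sort();
}

// Versions whose major differs from the one the override is meant to force.
function outsideMajor(lockText, name, major) {
  return resolvedVersions(lockText, name)
    .filter((v) => Number(v.split('.')[0]) !== major);
}

// In CI, pass the real file contents, e.g. fs.readFileSync('pnpm-lock.yaml', 'utf8').
const stray = outsideMajor(SAMPLE_LOCK, 'undici', 7);
console.log(stray.length
  ? `override not applied: undici ${stray.join(', ')}`
  : 'only undici v7 resolved');
```

Running it against the regenerated lockfile in CI turns a silently dropped override into a failed check instead of a reintroduced transitive version.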