Skip to content

fix: update tootallnate once to resolve CVE-2026-3449#238

Closed
dannyneira wants to merge 2 commits into
mainfrom
independabot/tootallnate-once-CVE-2026-3449
Closed

fix: update tootallnate once to resolve CVE-2026-3449#238
dannyneira wants to merge 2 commits into
mainfrom
independabot/tootallnate-once-CVE-2026-3449

Conversation

@dannyneira

Copy link
Copy Markdown
Member

Summary

  • Adds an npm overrides entry to force transitive @tootallnate/once to 2.0.1.
  • Updates package-lock.json so the http-proxy-agent transitive edge resolves to the patched version.

Vulnerability

Verification

  • npm audit --json no longer reports @tootallnate/once.
  • npm ci --ignore-scripts
  • npm run build
  • npm run lint

Conversation: https://staging.warp.dev/conversation/e93e8d7f-1c80-4ad0-bf10-97b7e3565da6
Run: https://oz.staging.warp.dev/runs/019e506a-4de1-7057-bb36-627c8c3c656b
This PR was generated with Oz.

Co-Authored-By: Oz <oz-agent@warp.dev>
@dannyneira
dannyneira requested a review from zachbai May 22, 2026 16:06
@dannyneira
dannyneira marked this pull request as ready for review May 26, 2026 21:46
@dannyneira

Copy link
Copy Markdown
Member Author

/oz-review

Rebuild dist artifacts after the dependency override update so check-dist passes.

Co-Authored-By: Oz <oz-agent@warp.dev>
@dannyneira dannyneira closed this Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants