Skip to content

fix: update vulnerable dependencies via npm overrides#13

Open
guptaankit015 wants to merge 2 commits intomasterfrom
fix/dependabot-vulns
Open

fix: update vulnerable dependencies via npm overrides#13
guptaankit015 wants to merge 2 commits intomasterfrom
fix/dependabot-vulns

Conversation

@guptaankit015
Copy link
Copy Markdown

@guptaankit015 guptaankit015 commented Mar 23, 2026

Summary

  • Add npm overrides to force-update transitive vulnerable dependencies:
    • undici >= 6.24.0 (CRLF injection, memory consumption, request smuggling, decompression chain, WebSocket validation)
    • minimatch >= 9.0.7 (ReDoS)

Resolves Dependabot vulnerability alerts

Made with Cursor

@guptaankit015
fix: update vulnerable dependencies via npm overrides
1bb5a60 
- Force undici >= 6.24.0 (fixes CRLF injection, memory consumption, request smuggling, decompression chain, WebSocket validation)
- Force minimatch >= 9.0.7 (fixes ReDoS vulnerabilities)

Resolves Dependabot vulnerability alerts

Made-with: Cursor
@guptaankit015
chore: regenerate lib with updated dependencies
f04ddf8 
Made-with: Cursor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@suryaoruganti suryaoruganti suryaoruganti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@guptaankit015 @suryaoruganti