Skip to content

Commit 0a204c9

Browse files
authored
fix(deps): bump websocket-driver to 0.7.5 (CVE-2026-54466) (#1046)
Add npm override forcing websocket-driver ^0.7.5 to remediate CVE-2026-54466 (CRITICAL) flagged by Trivy. websocket-driver is a dev-only transitive dependency (webpack-dev-server -> sockjs/ faye-websocket) and is not reachable in the static production build, but a clean patch-level fix is available so we upgrade rather than suppress. UID2-7491 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Ticket: UID2-7491 Branch: syw-UID2-7491-websocket-driver-cve
1 parent 8d45688 commit 0a204c9

2 files changed

Lines changed: 5 additions & 4 deletions

File tree

package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@
6565
"@babel/plugin-transform-modules-systemjs": ">=7.29.4",
6666
"fast-uri": ">=3.1.2",
6767
"shell-quote": "^1.8.4",
68-
"ws": ">=7.5.11"
68+
"ws": ">=7.5.11",
69+
"websocket-driver": "^0.7.5"
6970
},
7071
"browserslist": {
7172
"production": [

0 commit comments

Comments
 (0)