Commit 0a204c9
authored
fix(deps): bump websocket-driver to 0.7.5 (CVE-2026-54466) (#1046)
Add npm override forcing websocket-driver ^0.7.5 to remediate
CVE-2026-54466 (CRITICAL) flagged by Trivy. websocket-driver is a
dev-only transitive dependency (webpack-dev-server -> sockjs/
faye-websocket) and is not reachable in the static production build,
but a clean patch-level fix is available so we upgrade rather than
suppress.
UID2-7491
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Ticket: UID2-7491
Branch: syw-UID2-7491-websocket-driver-cve1 parent 8d45688 commit 0a204c9
2 files changed
Lines changed: 5 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
65 | 65 | | |
66 | 66 | | |
67 | 67 | | |
68 | | - | |
| 68 | + | |
| 69 | + | |
69 | 70 | | |
70 | 71 | | |
71 | 72 | | |
| |||
0 commit comments