Skip to content

Commit 10a9b7f

Browse files
committed
fix(deps): bump undici override to 7.28.0 to clear high-severity audit
The pnpm production audit fails on GHSA-vmh5-mc38-953g (undici TLS certificate validation bypass via SOCKS5 ProxyAgent), pulled in transitively through apps/docs > cheerio > undici. The existing override pinned undici to 7.24.0, which is still within the vulnerable range (>=7.23.0 <7.28.0). Bump the override to the patched 7.28.0.
1 parent 4a6d3d4 commit 10a9b7f

2 files changed

Lines changed: 6 additions & 6 deletions

File tree

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@
6666
"svgo@>=3.0.0 <3.3.3": "3.3.3",
6767
"tar@<7.5.11": "7.5.11",
6868
"tmp@<0.2.6": "0.2.6",
69-
"undici@>=7.0.0 <7.24.0": "7.24.0",
69+
"undici@>=7.0.0 <7.28.0": "7.28.0",
7070
"vite@>=7.0.0 <=7.3.4": "7.3.5",
7171
"ws@>=7.0.0 <7.5.11": "7.5.11",
7272
"ws@>=8.0.0 <8.21.0": "8.21.0"

pnpm-lock.yaml

Lines changed: 5 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)