chore(deps): bump brace-expansion + ws overrides to clear audit
CI / scan (pull_request) Successful in 3m22s
CI / commits (pull_request) Successful in 3m52s
CI / check (pull_request) Successful in 5m41s
CI / a11y (pull_request) Successful in 2m46s
Docs site / build (pull_request) Successful in 3m57s
CI / perf (pull_request) Successful in 8m57s
CI / scan (pull_request) Successful in 3m22s
CI / commits (pull_request) Successful in 3m52s
CI / check (pull_request) Successful in 5m41s
CI / a11y (pull_request) Successful in 2m46s
Docs site / build (pull_request) Successful in 3m57s
CI / perf (pull_request) Successful in 8m57s
Two new GHSA advisories surfaced in pnpm audit: - brace-expansion >=5.0.0 <5.0.6 — DoS via large numeric range (GHSA-jxxr-4gwj-5jf2). The existing override floor was 5.0.5; bump to 5.0.6. - ws >=8.0.0 <8.20.1 — uninitialized memory disclosure (GHSA-58qx-3vcg-4xpx). Reached via @nx/angular > @nx/module-federation > @module-federation/enhanced > @module-federation/dts-plugin > ws@8.18.0. Pinning the override to the 8.x range only — lighthouse's transitive ws@7.5.10 sits outside the advisory. Both fixes are pure pnpm.overrides bumps; remove them once Nx's upstream chain catches up.
This commit is contained in:
+2
-1
@@ -38,13 +38,14 @@
|
||||
"overrides": {
|
||||
"axios@<1.15.2": ">=1.15.2",
|
||||
"@angular-devkit/core>ajv@<8.18.0": ">=8.18.0",
|
||||
"brace-expansion@<5.0.5": ">=5.0.5",
|
||||
"brace-expansion@<5.0.6": ">=5.0.6",
|
||||
"esbuild@<0.25.0": ">=0.25.0",
|
||||
"follow-redirects@<1.16.0": ">=1.16.0",
|
||||
"ip-address@<10.1.1": ">=10.1.1",
|
||||
"protobufjs@<8.0.2": ">=8.0.2",
|
||||
"tmp@<0.2.4": ">=0.2.4",
|
||||
"vitepress>vite": ">=6.4.2 <7",
|
||||
"ws@>=8.0.0 <8.20.1": ">=8.20.1",
|
||||
"yaml@<2.8.3": ">=2.8.3",
|
||||
"@types/express": "^5.0.6"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user