chore(deps): bump tmp override to >=0.2.6 (GHSA-ph9p-34f9-6g65)
CI / commits (pull_request) Successful in 2m48s
CI / scan (pull_request) Successful in 2m49s
CI / a11y (pull_request) Successful in 2m10s
CI / check (pull_request) Successful in 5m30s
Docs site / build (pull_request) Successful in 2m52s
CI / perf (pull_request) Successful in 5m55s
CI / commits (pull_request) Successful in 2m48s
CI / scan (pull_request) Successful in 2m49s
CI / a11y (pull_request) Successful in 2m10s
CI / check (pull_request) Successful in 5m30s
Docs site / build (pull_request) Successful in 2m52s
CI / perf (pull_request) Successful in 5m55s
Bump the existing pnpm override for tmp from >=0.2.4 to >=0.2.6 to cover GHSA-ph9p-34f9-6g65, a path-traversal vulnerability via unsanitized prefix/postfix in tmp <0.2.6. Surfaced by pnpm ci:audit. Both consuming paths in the tree (nx and @lhci/cli) still depend on tmp <0.2.6 at their latest releases, so an upstream upgrade is not an option. Same override pattern that was already in place for the prior tmp advisory, with the lower bound widened. Side effect of pnpm install: @scalar/nestjs-api-reference bumped 1.1.16 -> 1.1.19, both within the existing ^1.1.14 range. Natural transitive resolution, not a deliberate change. Risk: patch bump on a tiny library with a stable API; the 0.2.5 and 0.2.6 releases are sanitization-only fixes.
This commit is contained in:
+1
-1
@@ -49,7 +49,7 @@
|
|||||||
"follow-redirects@<1.16.0": ">=1.16.0",
|
"follow-redirects@<1.16.0": ">=1.16.0",
|
||||||
"ip-address@<10.1.1": ">=10.1.1",
|
"ip-address@<10.1.1": ">=10.1.1",
|
||||||
"protobufjs@<8.0.2": ">=8.0.2",
|
"protobufjs@<8.0.2": ">=8.0.2",
|
||||||
"tmp@<0.2.4": ">=0.2.4",
|
"tmp@<0.2.6": ">=0.2.6",
|
||||||
"uuid@<11.1.1": ">=11.1.1",
|
"uuid@<11.1.1": ">=11.1.1",
|
||||||
"vitepress>vite": ">=6.4.2 <7",
|
"vitepress>vite": ">=6.4.2 <7",
|
||||||
"ws@>=8.0.0 <8.20.1": ">=8.20.1",
|
"ws@>=8.0.0 <8.20.1": ">=8.20.1",
|
||||||
|
|||||||
Generated
+7
-13
@@ -12,7 +12,7 @@ overrides:
|
|||||||
follow-redirects@<1.16.0: '>=1.16.0'
|
follow-redirects@<1.16.0: '>=1.16.0'
|
||||||
ip-address@<10.1.1: '>=10.1.1'
|
ip-address@<10.1.1: '>=10.1.1'
|
||||||
protobufjs@<8.0.2: '>=8.0.2'
|
protobufjs@<8.0.2: '>=8.0.2'
|
||||||
tmp@<0.2.4: '>=0.2.4'
|
tmp@<0.2.6: '>=0.2.6'
|
||||||
uuid@<11.1.1: '>=11.1.1'
|
uuid@<11.1.1: '>=11.1.1'
|
||||||
vitepress>vite: '>=6.4.2 <7'
|
vitepress>vite: '>=6.4.2 <7'
|
||||||
ws@>=8.0.0 <8.20.1: '>=8.20.1'
|
ws@>=8.0.0 <8.20.1: '>=8.20.1'
|
||||||
@@ -10500,12 +10500,8 @@ packages:
|
|||||||
resolution: {integrity: sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==}
|
resolution: {integrity: sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==}
|
||||||
hasBin: true
|
hasBin: true
|
||||||
|
|
||||||
tmp@0.2.4:
|
tmp@0.2.6:
|
||||||
resolution: {integrity: sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==}
|
resolution: {integrity: sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==}
|
||||||
engines: {node: '>=14.14'}
|
|
||||||
|
|
||||||
tmp@0.2.5:
|
|
||||||
resolution: {integrity: sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==}
|
|
||||||
engines: {node: '>=14.14'}
|
engines: {node: '>=14.14'}
|
||||||
|
|
||||||
tmpl@1.0.5:
|
tmpl@1.0.5:
|
||||||
@@ -13721,7 +13717,7 @@ snapshots:
|
|||||||
lighthouse-logger: 1.2.0
|
lighthouse-logger: 1.2.0
|
||||||
open: 7.4.2
|
open: 7.4.2
|
||||||
proxy-agent: 6.5.0
|
proxy-agent: 6.5.0
|
||||||
tmp: 0.2.5
|
tmp: 0.2.6
|
||||||
uuid: 14.0.0
|
uuid: 14.0.0
|
||||||
yargs: 15.4.1
|
yargs: 15.4.1
|
||||||
yargs-parser: 13.1.2
|
yargs-parser: 13.1.2
|
||||||
@@ -18971,7 +18967,7 @@ snapshots:
|
|||||||
dependencies:
|
dependencies:
|
||||||
chardet: 0.7.0
|
chardet: 0.7.0
|
||||||
iconv-lite: 0.4.24
|
iconv-lite: 0.4.24
|
||||||
tmp: 0.2.5
|
tmp: 0.2.6
|
||||||
|
|
||||||
extract-zip@2.0.1:
|
extract-zip@2.0.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
@@ -21105,7 +21101,7 @@ snapshots:
|
|||||||
strip-bom: 3.0.0
|
strip-bom: 3.0.0
|
||||||
supports-color: 7.2.0
|
supports-color: 7.2.0
|
||||||
tar-stream: 2.2.0
|
tar-stream: 2.2.0
|
||||||
tmp: 0.2.4
|
tmp: 0.2.6
|
||||||
tree-kill: 1.2.2
|
tree-kill: 1.2.2
|
||||||
tsconfig-paths: 4.2.0
|
tsconfig-paths: 4.2.0
|
||||||
tslib: 2.8.1
|
tslib: 2.8.1
|
||||||
@@ -22962,9 +22958,7 @@ snapshots:
|
|||||||
dependencies:
|
dependencies:
|
||||||
tldts-core: 7.0.30
|
tldts-core: 7.0.30
|
||||||
|
|
||||||
tmp@0.2.4: {}
|
tmp@0.2.6: {}
|
||||||
|
|
||||||
tmp@0.2.5: {}
|
|
||||||
|
|
||||||
tmpl@1.0.5: {}
|
tmpl@1.0.5: {}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user