fix(deps): force picomatch to 4.0.4 to patch high-severity ReDoS
Adds picomatch@^4.0.4 as a direct dependency to override the vulnerable 4.0.3 pinned in transitive deps (vitest). Resolves 2 high-severity CVEs. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Barcode Betty
committed by
Barcode Betty
Barcode Betty
parent
0870c567ed
commit
096db437da
@@ -14,6 +14,7 @@
|
||||
"dependencies": {
|
||||
"@tanstack/react-query": "^5.0.0",
|
||||
"better-auth": "^1.2.0",
|
||||
"picomatch": "4.0.4",
|
||||
"react": "^18.3.1",
|
||||
"react-dom": "^18.3.1",
|
||||
"react-router-dom": "^7.0.0",
|
||||
|
||||
Reference in New Issue
Block a user