cs_betty/app
1
0
Fork 0
forked from cartsnitch/app
Code Pull Requests Activity

fix(deps): force picomatch to 4.0.4 to patch high-severity ReDoS

Browse Source 
Adds picomatch@^4.0.4 as a direct dependency to override the vulnerable
4.0.3 pinned in transitive deps (vitest). Resolves 2 high-severity CVEs.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Barcode Betty
2026-03-30 20:15:50 +00:00
committed by Barcode Betty
parent 0870c567ed
commit 096db437da
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package-lock.json
Generated
+1 -1
View File
@@ -10,6 +10,7 @@
"dependencies": {
"@tanstack/react-query": "^5.0.0",
"better-auth": "^1.2.0",
"picomatch": "4.0.4",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-router-dom": "^7.0.0",
@@ -7749,7 +7750,6 @@
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
"integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
"devOptional": true,
"license": "MIT",
"engines": {
"node": ">=12"
package.json
+1
View File
@@ -14,6 +14,7 @@
"dependencies": {
"@tanstack/react-query": "^5.0.0",
"better-auth": "^1.2.0",
"picomatch": "4.0.4",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-router-dom": "^7.0.0",