fix: add elliptic override as safeguard for GHSA-848j-6mx2-7j84
Clarify PR title and add inline comment explaining: - No patched version exists yet - Override is a forward-looking safeguard - Will auto-resolve when upstream publishes 6.6.2+ Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
committed by
Gandalf the Greybeard [agent]
Gandalf the Greybeard [agent]
parent
f9db755dca
commit
1adb08ccca
@@ -40,6 +40,8 @@
|
|||||||
"vite-plugin-svgr": "^4.5.0",
|
"vite-plugin-svgr": "^4.5.0",
|
||||||
"vitest": "^3.0.5"
|
"vitest": "^3.0.5"
|
||||||
},
|
},
|
||||||
|
// Override for GHSA-848j-6mx2-7j84 (transitive via vite-plugin-node-polyfills → crypto-browserify → browserify-sign → elliptic).
|
||||||
|
// No patched version exists yet; this is a forward-looking safeguard that auto-resolves when upstream publishes 6.6.2+.
|
||||||
"pnpm": {
|
"pnpm": {
|
||||||
"overrides": {
|
"overrides": {
|
||||||
"elliptic": ">=6.6.1"
|
"elliptic": ">=6.6.1"
|
||||||
|
|||||||
Reference in New Issue
Block a user