Commit f2f4d3a

fix: resolve npm audit security vulnerabilities
Add overrides to patch vulnerable transitive dependencies in fs-js-lite's request dependency chain:
- form-data >=2.5.4 (critical: unsafe random boundary)
- qs >=6.14.1 (moderate: arrayLimit bypass DoS)
- tough-cookie >=5.1.2 (moderate: prototype pollution)

Remaining unfixable: pm2 ReDoS (no fix available), request SSRF (deprecated package, fs-js-lite upstream dependency).
1 parent 9ac6a27 commit f2f4d3a

2 files changed

Lines changed: 38 additions & 32 deletions

package-lock.json

Lines changed: 29 additions & 32 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 9 additions & 0 deletions
@@ -44,6 +44,15 @@
4444
"lodash.sample": "^4.2.1",
4545
"yargs": "^18.0.0"
4646
},
47+
"overrides": {
48+
"fs-js-lite": {
49+
"request": {
50+
"form-data": "^2.5.4",
51+
"qs": "^6.14.1",
52+
"tough-cookie": "^5.1.2"
53+
}
54+
}
55+
},
4756
"devDependencies": {
4857
"@playwright/test": "^1.58.2",
4958
"@types/supertest": "^7.2.0",

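Review bot: the `tough-cookie` override at `^5.1.2` under `fs-js-lite` > `request` is the entry that needs verification before merge, because it pins a dependency of `request`, which the commit message itself calls deprecated, so nothing upstream will adapt if that version line is not the one `request` was written against. The package-lock.json diff is not rendered here, so the previously resolved versions are not visible; please confirm the resolution with `npm ls form-data qs tough-cookie` and exercise a cookie-carrying call through fs-js-lite in the test suite. The commit message states the fixes as `>=` while the overrides use caret ranges; the caret is the safer choice and should stay, but the message and the manifest should agree. Since package.json cannot carry comments, the reason for this block and the two remaining items (pm2 ReDoS, request SSRF) should be recorded in the README or a tracking issue so the overrides are revisited when fs-js-lite drops `request`.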