
Commit 0a39f7e

cYKatherine and claude committed
UID2-6699: Fix immutable and svgo HIGH vulnerabilities
Pin immutable to ^4.3.8 (fixes CVE-2026-29063, Prototype Pollution) and svgo to ^3.3.3 (fixes CVE-2026-29074, Billion Laughs DoS) via npm overrides in package.json.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 47a5460 commit 0a39f7e

2 files changed

Lines changed: 20 additions & 20 deletions

package-lock.json

Lines changed: 17 additions & 19 deletions

package.json

Lines changed: 3 additions & 1 deletion
@@ -51,12 +51,14 @@
5151
},
5252
"overrides": {
5353
"body-parser@1": "1.20.3",
54+
"immutable": "^4.3.8",
5455
"minimatch": "^10.2.3",
5556
"path-to-regexp@0": "0.1.12",
5657
"path-to-regexp@1": "1.9.0",
5758
"path-to-regexp@2": "8.0.0",
5859
"qs": "6.14.1",
59-
"serialize-javascript": "^7.0.3"
60+
"serialize-javascript": "^7.0.3",
61+
"svgo": "^3.3.3"
6062
},
6163
"browserslist": {
6264
"production": [
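Review bot: The new `"immutable": "^4.3.8"` and `"svgo": "^3.3.3"` keys are unscoped, so npm applies them to every copy of those packages in the tree, including any dependent that declares a different major; the neighbouring `body-parser@1` and `path-to-regexp@0` entries show the major-scoped form already used in this block. Consider scoping the keys to the major being fixed (for example `immutable@4`), or confirm with `npm ls immutable svgo` and a full build that no dependent requires another major. Because the package-lock.json diff is not rendered here, the resolved versions should also be checked in the lockfile to confirm they land at or above 4.3.8 and 3.3.3.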
