Commit 5bccf87
fix: upgrade undici to 6.23.0 to address CVE-2026-22036
This adds an npm override to force undici to ^6.23.0, which fixes the
unbounded decompression chain vulnerability (GHSA-g9mf-h72j-4rw9).
The vulnerability allowed a malicious server to insert thousands of
compression steps leading to high CPU usage and excessive memory allocation.
Co-Authored-By: David Konigsberg <davidakonigsberg@gmail.com>

1 parent 5f5761a commit 5bccf87
3 files changed
Lines changed: 23902 additions & 22884 deletions
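
A check that could be run after a change like this one, as an added example (not code from this commit): it scans the `packages` map of an npm v2/v3 lockfile for any installed copy of undici that falls outside the `^6.23.0` range named in the commit message. The lockfile contents, package names other than undici, and function names are constructed for illustration.

```javascript
// Constructed sample lockfile (npm lockfileVersion 3 layout); not data from the commit.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/undici": { version: "6.23.0" },
    "node_modules/some-client/node_modules/undici": { version: "6.19.8" },
    "node_modules/legacy-fetch/node_modules/undici": { version: "5.28.4" },
    "node_modules/undici-types": { version: "6.21.0" }, // different package, ignored
    "node_modules/linked-pkg": { link: true },          // no version field, ignored
  },
};

// Parse "x.y.z" (dropping any prerelease/build suffix) into numbers.
function parseVersion(v) {
  const [major, minor, patch] = v.split(/[-+]/)[0].split(".").map(Number);
  return { major, minor, patch };
}

// True when `version` satisfies ^floor for a floor with major >= 1:
// same major, and (minor, patch) at or above the floor.
// Prerelease versions are treated as not satisfying, to stay conservative.
function satisfiesCaret(version, floor) {
  if (version.includes("-")) return false;
  const v = parseVersion(version);
  const f = parseVersion(floor);
  if (v.major !== f.major) return false;
  if (v.minor !== f.minor) return v.minor > f.minor;
  return v.patch >= f.patch;
}

// Return every installed copy of `name` (top-level or nested) outside ^floor.
function findUnpatched(lock, name, floor) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .filter(([, meta]) => typeof meta.version === "string")
    .filter(([, meta]) => !satisfiesCaret(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

const findings = findUnpatched(sampleLock, "undici", "6.23.0");
for (const f of findings) console.log(`outside ^6.23.0: ${f.path} @ ${f.version}`);
```

An empty result means every resolved copy of undici in the lockfile is covered by the override; nested copies are the ones an override is meant to catch, so they are matched by path suffix rather than only at the top level.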