fix(deps): lock undici to fix 3 high and 4 medium vulnerabilities #1805
guoda-puidokaite wants to merge 1 commit into
Conversation
Signed-off-by: I531348 <guoda.puidokaite@sap.com>
Pull request overview
This PR aims to remediate reported jsdom-related vulnerabilities by forcing a safer undici version via pnpm overrides, and updating the lockfile to reflect the new resolution.
Changes:
- Added a pnpm override for `undici` in the root `package.json`.
- Updated `pnpm-lock.yaml` to resolve `undici` to `8.6.0` (and associated dependency graph adjustments).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| package.json | Adds a pnpm override intended to pin/raise undici to address transitive vulnerabilities. |
| pnpm-lock.yaml | Applies the override in the resolved dependency graph, updating undici and other affected resolutions. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
| "shell-quote": ">=1.8.4", | ||
| "esbuild": ">=0.28.1" | ||
| "esbuild": ">=0.28.1", | ||
| "undici": ">=8.6.0" |
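Review bot: the new `"undici": ">=8.6.0"` entry in the `pnpm.overrides` block of package.json replaces the undici resolution for every dependent regardless of the range that dependent declares, so before merging confirm that the package pulling undici in (jsdom, per the summary) actually admits an 8.x release; a pnpm override does not check the dependent's own range and can hand it a major version it was not written against without any install-time error. If jsdom's declared range stops below 8.x, prefer upgrading jsdom to a release that itself depends on a fixed undici, and keep the override only as a temporary measure with a comment saying which advisories it is there for.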
| fast-uri: '>=3.1.2' | ||
| shell-quote: '>=1.8.4' | ||
| esbuild: '>=0.28.1' | ||
| undici: '>=8.6.0' |
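Review bot: the lockfile's `overrides:` block now mirrors package.json line for line (`esbuild: '>=0.28.1'`, `undici: '>=8.6.0'`), which is what pnpm writes on a normal install, so this part looks regenerated rather than hand-edited. To keep it that way, make sure CI installs with `pnpm install --frozen-lockfile`, so any future edit to the overrides in package.json that is not accompanied by a lockfile update fails the build instead of being reconciled silently on a developer machine.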
| undici@8.6.0: | ||
| resolution: {integrity: sha512-l2FlC6I510GawyEd1qgcE/okihKrzy+BRTEBlu6T0fdbM9m5yxtIH5Oa3ysRsH0zC4EhmWUEaSDsy2QngBeRlw==} | ||
| engines: {node: '>=22.19.0'} |
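Review bot: the resolved `undici@8.6.0` entry records `engines: {node: '>=22.19.0'}`, which raises the minimum Node version for everything that now resolves to it. pnpm only warns on an engines mismatch unless `engine-strict=true` is set in .npmrc, so an older runtime in CI or in a consumer would surface as a runtime failure rather than at install time. Check the project's own `engines` field and the CI Node matrix against `>=22.19.0`, and either bump them in this PR or state in the description that they already satisfy it.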
| eslint-plugin-prettier: | ||
| specifier: 5.5.6 | ||
| version: 5.5.6(eslint-config-prettier@10.1.8(eslint@10.3.0(jiti@2.7.0)))(eslint@10.3.0(jiti@2.7.0))(prettier@3.8.3) | ||
| version: 5.5.6(eslint-config-prettier@10.1.8(eslint@10.3.0(jiti@2.7.0)))(eslint@10.3.0(jiti@2.7.0))(prettier@3.8.4) |
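Review bot: the only change in this hunk is the peer-resolution string of `eslint-plugin-prettier` moving from `prettier@3.8.3` to `prettier@3.8.4`, which is outside the scope this PR describes (an undici override and its associated graph adjustments). If this is incidental drift from running `pnpm install` against a stale lockfile, regenerate the lockfile from a clean checkout so the diff contains only the override; if the prettier bump is intended, name it in the description so reviewers do not have to guess whether it is related.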
Summary
`jsdom`. `jsdom` (devDependency last published 2 months ago). `undici` transitive dependency causing the issue.
Related Issues
Checklist
PR Manifesto
Review the PR Manifesto for best practices.
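The override approach described in the review above (forcing a transitive undici to `>=8.6.0` through `pnpm.overrides`) only remediates anything if the regenerated lockfile resolves every undici path to the overridden range and the runtime satisfies the new engines floor. The script below is an added example, not code from this PR or from the project; it assumes pnpm's v9 lockfile layout (an `overrides:` block and `packages:` entries keyed `name@version:`) and a package.json with a `pnpm.overrides` object. Both input texts are constructed inline for the example, and the `>=x.y.z` range parser deliberately supports only the shape used by this kind of override.

```javascript
// Added example, not code from this PR or its project: verify that a pnpm
// override for a transitive dependency really took effect in pnpm-lock.yaml.
// Assumes the pnpm v9 lockfile layout and a `pnpm.overrides` block in
// package.json. Both texts below are constructed for the example.

const samplePackageJson = JSON.stringify({
  name: "example-app",
  pnpm: { overrides: { esbuild: ">=0.28.1", undici: ">=8.6.0" } },
});

const sampleLockClean = [
  "lockfileVersion: '9.0'",
  "overrides:",
  "  esbuild: '>=0.28.1'",
  "  undici: '>=8.6.0'",
  "packages:",
  "  esbuild@0.28.1:",
  "    resolution: {integrity: sha512-constructed}",
  "  undici@8.6.0:",
  "    resolution: {integrity: sha512-constructed}",
  "    engines: {node: '>=22.19.0'}",
  "",
].join("\n");

// A lockfile that was not regenerated: an old undici is still resolved.
const sampleLockStale = sampleLockClean.replace(
  "packages:\n",
  "packages:\n  undici@7.10.0:\n    resolution: {integrity: sha512-constructed}\n",
);

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Only the ">=x.y.z" shape is supported; other ranges are rejected, not guessed.
function satisfiesMinimum(version, range) {
  const m = /^>=\s*(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  return compareVersions(version, m[1]) >= 0;
}

// The lockfile's own `overrides:` block, which pnpm rewrites from package.json.
function lockfileOverrides(lockText) {
  const out = {};
  const lines = lockText.split("\n");
  const start = lines.indexOf("overrides:");
  for (let i = start + 1; start >= 0 && i < lines.length; i++) {
    const m = /^  ([^\s:]+): '([^']*)'$/.exec(lines[i]);
    if (!m) break;
    out[m[1]] = m[2];
  }
  return out;
}

// Every version of `name` resolved under `packages:` (peer suffixes ignored).
function resolvedVersions(lockText, name) {
  const re = new RegExp(`^  ${escapeRe(name)}@(\\d[^:(\\s]*)`, "gm");
  return Array.from(lockText.matchAll(re), (m) => m[1]);
}

// The `engines: {node: ...}` range recorded for one resolved package, if any.
function requiredNode(lockText, name, version) {
  const key = escapeRe(`${name}@${version}`);
  const re = new RegExp(`^  ${key}:\\n(?:    .*\\n)*?    engines: \\{node: '([^']+)'\\}`, "m");
  const m = re.exec(lockText);
  return m ? m[1] : null;
}

// Returns {ok, problems, versions}; `runtimeNode` is the Node version that will run the app.
function checkOverride(packageJsonText, lockText, name, runtimeNode) {
  const range = JSON.parse(packageJsonText).pnpm?.overrides?.[name];
  if (!range) return { ok: false, problems: [`no pnpm override for ${name}`], versions: [] };
  const problems = [];
  const lockRange = lockfileOverrides(lockText)[name];
  if (lockRange !== range) {
    problems.push(`lockfile overrides ${name}: ${lockRange ?? "(missing)"} != package.json ${range}; regenerate with pnpm install`);
  }
  const versions = resolvedVersions(lockText, name);
  if (versions.length === 0) problems.push(`${name} is not resolved anywhere in the lockfile`);
  for (const v of versions) {
    if (!satisfiesMinimum(v, range)) problems.push(`${name}@${v} still resolved; override ${range} did not apply`);
    const need = requiredNode(lockText, name, v);
    if (need && !satisfiesMinimum(runtimeNode, need)) problems.push(`${name}@${v} needs node ${need}, runtime is ${runtimeNode}`);
  }
  return { ok: problems.length === 0, problems, versions };
}

console.log(checkOverride(samplePackageJson, sampleLockStale, "undici", "22.19.0"));
console.log(checkOverride(samplePackageJson, sampleLockClean, "undici", "20.11.0"));
```

Run against a real checkout by reading package.json and pnpm-lock.yaml with `fs.readFileSync` and passing `process.versions.node` as the runtime; the stale sample reports the leftover `undici@7.10.0`, and the clean sample on an older Node reports the engines floor that the lockfile entry records.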