author: Pawel Zelawski <pawel.zelawski@outlook.com> 2026-03-01 13:41:23 +0100
committer: Pawel Zelawski <pawel.zelawski@outlook.com> 2026-03-01 13:41:23 +0100
commit: 00e7e4fbf5a6fc41b88631fd34e98e48eeb9fc6a (patch)
tree: 2137bf47545f031dd951ca13eacdc2f2fb2b300a /src/server
parent: 31bf3e64ce084b5410ce90a36039009bf9258e15 (diff)
Fix multiple security vulnerabilities (March 2026) HEAD main

Security Updates:
- digiid-ts: 2.0.1-beta.2 → 2.0.2 (fixes internal dependency vulnerability)
- rollup: 4.58.0 → 4.59.0 (fixes arbitrary file write via path traversal - GHSA-mw96-cpmx-2vgc)
- qs: 6.14.1 → 6.14.2 (fixes arrayLimit bypass in comma parsing DoS - GHSA-w7fw-mjwx-w883)
- express: 4.21.2 → 4.22.1 (updated with qs dependency)
- minimatch: multiple updates (fixes ReDoS vulnerabilities)
- ajv: updated to 6.14.0+ (fixes ReDoS with $data option)

Impact:
- Rollup: Prevented arbitrary file write through path traversal sequences
- qs: Fixed denial-of-service via comma-separated array limit bypass
- digiid-ts: Resolved vulnerability in @noble/curves dependency

Result: 0 vulnerabilities (npm audit clean)
Diffstat (limited to 'src/server')
0 files changed, 0 insertions, 0 deletions