From 49f83b48196fbc260979f4a808328a34992b12c5 Mon Sep 17 00:00:00 2001
From: Pawel Zelawski
Date: Sun, 1 Mar 2026 13:29:50 +0100
Subject: fix: resolve Rollup path traversal vulnerability (CVE)
- Upgrade rollup from 4.40.0 to 4.59.0 via npm override
- Fix Rollup arbitrary file write vulnerability via path traversal
- Upgrade minimatch to 10.2.3 to fix ReDoS vulnerabilities
- All security vulnerabilities resolved (0 vulnerabilities)
- Tests and build verified working
---
 package.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'package.json')
diff --git a/package.json b/package.json
index 6522191..83f3f5a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "digiid-ts",
- "version": "2.0.1",
+ "version": "2.0.2",
 "description": "A modern TypeScript implementation of the DigiID authentication protocol.",
 "main": "dist/digiid-ts.umd.js",
 "module": "dist/digiid-ts.es.js",
@@ -76,6 +76,8 @@
 },
 "overrides": {
 "glob": "^10.5.0",
- "brace-expansion": "^2.0.2"
+ "brace-expansion": "^2.0.2",
+ "rollup": "^4.59.0",
+ "minimatch": "^10.2.3"
 }
-}
+}
\ No newline at end of file
-- 
cgit v1.2.3
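Review bot: The new `"minimatch": "^10.2.3"` entry in the second hunk (`@@ -76,6 +76,8 @@`) is a top-level override, so it forces every package in the tree that depends on minimatch onto major 10, including any that declare an older major and rely on its older API; the dependency tree is not visible here, so this should be confirmed with `npm ls minimatch` and a run of the lint, test and build tooling from a clean install. If only one parent needs the fixed version, a scoped override such as `"<parent-package>": { "minimatch": "^10.2.3" }` (placeholder name) keeps the change narrower. Both new entries are caret ranges, so the version actually installed is whatever the lockfile pins; this view is limited to package.json, so it is worth checking that the regenerated lockfile is part of the commit and resolves rollup to at least 4.59.0. `overrides` apply only when this package is the root project, so they harden this repository's own build and do not change what consumers of the published package resolve. The final `}` also loses its trailing newline in this hunk, and restoring it avoids a spurious diff later.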