Commit ee6a495
fix(security): override undici to ^6.23.0 to fix CVE-2026-22036 (#2006)
Add npm overrides to force undici to version 6.23.0 or higher to address
the unbounded decompression chain vulnerability in HTTP responses.
Resolves: GHSA-g9mf-h72j-4rw9
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>1 parent 35a67be commit ee6a495
2 files changed
+7
-16
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
32 | 35 | | |
33 | 36 | | |
34 | 37 | | |
| |||
0 commit comments