Skip to content

bug: vulnerabilities in dependency package diff #184

Open
Open
bug: vulnerabilities in dependency package diff#184
@alessandro-motiv8ai

Description

@alessandro-motiv8ai
alessandro-motiv8ai
opened on Feb 9, 2026

npm audit reports that cedar-os is depends on vulnerable versions of diff:

diff  6.0.0 - 8.0.2
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
fix available via `npm audit fix --force`
Will install cedar-os@0.1.18, which is a breaking change
node_modules/cedar-os/node_modules/diff
  cedar-os  >=0.1.19
  Depends on vulnerable versions of diff
  node_modules/cedar-os

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions