security: fix vulnerable dependencies #1336

Open
iabubakardev wants to merge 1 commit into main from security/fix-vulnerable-dependencies
@iabubakardev
Contributor

  • Upgrade sha.js from 2.4.11 to 2.4.12 (CVE-2025-9288)
    Fixes hash state manipulation vulnerability

  • Upgrade form-data from 4.0.1/4.0.3 to 4.0.4 (CVE-2025-7783)
    Fixes predictable boundary generation vulnerability

  • Upgrade axios from 1.9.0/1.8.3 to 1.12.2
    Fixes DoS attack via data: URI vulnerability

All upgrades applied via pnpm overrides to ensure transitive dependencies are also updated to secure versions.
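
One way to confirm that the overrides described above actually removed every older copy from the resolved tree is to scan the lockfile for package keys below the fixed versions. This is an added example, not code from this pull request; the lockfile key style (`name@x.y.z:` with an optional leading `/`) is an assumption, and the sample lockfile text is constructed.

```javascript
// Minimum fixed versions, taken from the PR description above.
const MIN_FIXED = new Map([
  ['sha.js', '2.4.12'],
  ['form-data', '4.0.4'],
  ['axios', '1.12.2'],
]);

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
// A string comparison would wrongly rank 1.9.0 above 1.12.2.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Scan lockfile text for package keys such as "axios@1.9.0:" or
// "/axios@1.9.0:" (assumed key style). Peer-dependency suffixes in
// parentheses are tolerated; scoped and pre-release keys are skipped.
function findVulnerable(lockfileText) {
  const keyRe = /^\s+'?\/?([^\s'@]+)@(\d+\.\d+\.\d+)(?:\([^)]*\))*'?:\s*$/;
  const findings = new Set();
  for (const line of lockfileText.split('\n')) {
    const m = keyRe.exec(line);
    if (!m) continue;
    const [, name, version] = m;
    const min = MIN_FIXED.get(name);
    if (min && compareVersions(version, min) < 0) {
      findings.add(`${name}@${version}`);
    }
  }
  return [...findings].sort();
}

// Constructed sample: one upgraded and one stale axios, a stale sha.js.
const SAMPLE_LOCK = [
  'packages:',
  '  axios@1.12.2:',
  '    resolution: {integrity: sha512-CONSTRUCTED}',
  '  axios@1.8.3(debug@4.3.4):',
  '  form-data@4.0.4:',
  '  /sha.js@2.4.11:',
].join('\n');

console.log(findVulnerable(SAMPLE_LOCK));
```

An empty result for the real lockfile means no resolved copy of the three packages sits below its fixed version.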
