Commit 236a5ca
Fix vulnerable transitive dependencies via npm overrides
Add overrides for flatted (^3.4.2) and minimatch (^10.0.0) to resolve
high-severity ReDoS/prototype pollution vulnerabilities in transitive
devDependencies. The ajv vulnerability was not overridden as it requires
the $data option which none of the ESLint plugins use, and forcing v8
breaks eslint-plugin-json-schema-validator's v6 API usage.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent 3e65a25 commit 236a5ca
2 files changed
Lines changed: 92 additions & 127 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
35 | 39 | | |
36 | 40 | | |
37 | 41 | | |
| |||
0 commit comments