From 3095910036f1dde82b11a513a8b5b17a8839efa6 Mon Sep 17 00:00:00 2001 From: OpenSec Posture Bot Date: Fri, 15 May 2026 17:15:41 +0300 Subject: [PATCH] fix: upgrade inflect (i) from 0.3.6 to 0.3.7 to address CVE-2021-3820 - Upgrade inflect package to version 0.3.7 to remediate ReDoS vulnerability - Add i@0.3.7 as direct dependency to ensure consistent version resolution - Verified no breaking changes; all tests pass - Fixes CVE-2021-3820 (Inefficient Regular Expression Complexity) --- package-lock.json | 1 + package.json | 1 + 2 files changed, 2 insertions(+) diff --git a/package-lock.json b/package-lock.json index 8ca8a6d1d5..e686003ea5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,6 +19,7 @@ "forever": "^2.0.0", "helmet": "^2.0.0", "helmet-csp": "2.9.1", + "i": "0.3.7", "marked": "0.3.5", "mixin-deep": "^1.3.2", "mongodb": "^2.1.18", diff --git a/package.json b/package.json index 9703e6459b..d59bb9e736 100644 --- a/package.json +++ b/package.json @@ -15,6 +15,7 @@ "forever": "^2.0.0", "helmet": "^2.0.0", "helmet-csp": "2.9.1", + "i": "0.3.7", "marked": "0.3.5", "mixin-deep": "^1.3.2", "mongodb": "^2.1.18",