fix: patch known vulnerabilities in transitive dependencies#226
fix: patch known vulnerabilities in transitive dependencies#226
Conversation
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 16 minutes and 5 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- Bump flatted >=3.4.2 (was >=3.4.0) — fixes prototype pollution via parse() - Add picomatch@<3 >=2.3.2 override — fixes ReDoS via extglob quantifiers - Add picomatch@>=4 >=4.0.4 override — fixes ReDoS in 4.x range - Update pnpm-lock.yaml to reflect 3.4.2, 2.3.2, 4.0.4 resolved versions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
himerus
force-pushed
the
feature/sec-patch-vulnerable-transitive-deps
branch
from
cd9357c to
f64ca85
Compare
1 participant
Summary
flattedoverride from>=3.4.0to>=3.4.2— fixes prototype pollution viaparse()(CVE in flatted ≤3.4.1)picomatch@<3: >=2.3.2override — fixes ReDoS via extglob quantifiers inmicromatchdependency chainpicomatch@>=4: >=4.0.4override — fixes ReDoS intinyglobby→picomatch@4.xchainTest plan
pnpm audit --audit-level=highreturns 0 vulnerabilities🤖 Generated with Claude Code