From 93e1474477324ab4e15b79e263ad881126e47eb2 Mon Sep 17 00:00:00 2001
From: Jonas
Date: Sun, 18 Jan 2026 14:09:49 +0000
Subject: [PATCH] fix(security): upgrade glob to 10.5.0 for CVE-2025-64756

Add overrides section to frontend/package.json to force glob@^10.5.0, remediating command injection vulnerability in glob CLI.

Co-authored-by: Ona
---
 frontend/package-lock.json | 6 +++---
 frontend/package.json | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index 3ae4595..fca1720 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -2415,9 +2415,9 @@
 }
 },
 "node_modules/glob": {
- "version": "10.4.5",
- "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz",
- "integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==",
+ "version": "10.5.0",
+ "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+ "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
 "dev": true,
 "license": "ISC",
 "dependencies": {
diff --git a/frontend/package.json b/frontend/package.json
index d0ffcbc..f1742a8 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -15,6 +15,9 @@
 "react-dom": "^19.1.1",
 "react-router-dom": "^7.8.2"
 },
+ "overrides": {
+ "glob": "^10.5.0"
+ },
 "devDependencies": {
 "@types/react": "^19.1.12",
 "@types/react-dom": "^19.1.9",
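Review bot: The new `"overrides"` entry in the frontend/package.json hunk is unscoped, so `"glob": "^10.5.0"` applies to every glob in the dependency tree, including any transitive dependent that declares a different major version. The lockfile hunk shows only the single `node_modules/glob` entry (marked `"dev": true`) moving from 10.4.5 to 10.5.0; whether other nested copies exist is not visible here, so `npm ls glob` should confirm that every consumer is already on 10.x. If only one dependent pulls it in, a scoped form such as `"overrides": { "<parent-package>": { "glob": "^10.5.0" } }` (placeholder parent name) keeps the remediation from silently changing the API under unrelated packages. Because strict JSON cannot carry a comment explaining why the override exists, the CVE reference lives only in the commit message, so a tracking note is worth adding to the changelog or dependency-policy doc so the override is removed once the parent package requires a fixed glob itself.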