From cbbe83e4fbe52fa72113109ea0bafb3ecfa29d29 Mon Sep 17 00:00:00 2001
From: Mahmoud Hamdi
Date: Sun, 29 Mar 2026 04:39:52 +0200
Subject: [PATCH] deps: update http-errors from 1.6.x to 2.0.x

Update http-errors dependency from ~1.6.3 to ~2.0.0. The old version pulled in depd@1.1.2 which uses eval() internally, causing security warnings in bundlers and strict CSP environments. http-errors@2.0.0 depends on depd@2.0.0 which does not use eval(). All existing tests pass with the updated dependency.
Fixes #6
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 5c9f92f..6ae3a6a 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
 "license": "MIT",
 "repository": "pillarjs/resolve-path",
 "dependencies": {
- "http-errors": "~1.6.3",
+ "http-errors": "~2.0.0",
 "path-is-absolute": "1.0.1"
 },
 "devDependencies": {