Fix Dependabot security vulnerabilities in undici #1520

Merged
priyanshu92 merged 1 commit into main from users/priyanshuag/fix-undici-vulnerabilities
Mar 19, 2026
Conversation

@priyanshu92
Contributor

  • Added npm overrides for undici to resolve 6 open alerts
  • undici@7.22.0 -> ^7.24.0 (via @vscode/vsce -> cheerio)
  • undici@6.23.0 -> ^6.24.0 (via release-it)
  • Addresses WebSocket overflow (high), HTTP smuggling (medium), and CRLF injection (medium) vulnerabilities


Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@priyanshu92 priyanshu92 requested review from a team as code owners March 19, 2026 06:24
@priyanshu92 priyanshu92 enabled auto-merge (squash) March 19, 2026 06:25
@priyanshu92 priyanshu92 merged commit 78c3237 into main Mar 19, 2026
8 checks passed
@priyanshu92 priyanshu92 deleted the users/priyanshuag/fix-undici-vulnerabilities branch March 19, 2026 10:18
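
A check that can be run after an override change like this one to confirm it took effect, as an added example that is not part of the PR or the project's code: it scans the `packages` map of a parsed package-lock.json (lockfileVersion 2 or 3 layout) and reports every installed undici copy below the floors named in the description. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not the project's code). Floors per major line come from the
// PR description: undici 6.x -> 6.24.0, undici 7.x -> 7.24.0.
const FLOORS = { 6: [6, 24, 0], 7: [7, 24, 0] };

// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function belowFloor(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false; // equal to the floor
}

// lock: parsed package-lock.json using the lockfileVersion 2/3 "packages" map.
// Returns one finding per installed undici copy that fails the check.
function findStaleUndici(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, but not e.g. undici-types.
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    const floor = parsed && FLOORS[parsed[0]];
    let reason = null;
    if (!parsed) reason = "unparseable version";
    else if (!floor) reason = "no floor defined for this major line";
    else if (belowFloor(parsed, floor)) reason = `below ${floor.join(".")}`;
    if (reason) findings.push({ path, version: meta.version, reason });
  }
  return findings;
}

// Constructed sample lockfile: one copy patched, one nested copy still old.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-example" },
    "node_modules/undici": { version: "7.24.0" },
    "node_modules/release-it/node_modules/undici": { version: "6.23.0" },
    "node_modules/undici-types": { version: "6.21.0" },
  },
};

console.log(findStaleUndici(SAMPLE_LOCK));
```

An empty result means every undici copy in the lockfile is at or above its floor; a nested path in a finding shows which dependency chain the override did not reach.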
2 participants