
fix: resolve security vulnerabilities in transitive dependencies #88

Open
iteyelmp wants to merge 1 commit into main from security

@iteyelmp
Collaborator

Updated deep dependencies to address security advisories:

  • Forced rollup to >=4.59.0 to fix Arbitrary File Write via Path Traversal.
  • Forced picomatch to >=4.0.4 to fix Method Injection in POSIX Character Classes.

Since the parent package tsup is already at the latest version, these were addressed using the overrides field to ensure a secure build environment.

@iteyelmp iteyelmp requested review from ping-ke, qzhodl and syntrust April 20, 2026 09:07
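
A check a reviewer could run to confirm the overrides took effect, as an added example that is not part of this pull request. It assumes an npm `package-lock.json` with the v2/v3 `packages` map (the PR's diff is not shown here); `cmp`, `findStale` and the sample lockfile are constructed for illustration.

```javascript
// Minimum patched versions named in the PR description.
const MINIMUMS = { rollup: "4.59.0", picomatch: "4.0.4" };

// Compare plain x.y.z versions numerically.
// Simplification: prerelease/build suffixes are dropped before comparing.
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the "packages" map of an npm lockfile and report every installed
// copy of a watched package that resolves below its minimum, including
// copies nested under another dependency's node_modules.
function findStale(lock, minimums = MINIMUMS) {
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the root project entry has the key ""
    const name = path.slice(idx + "node_modules/".length);
    const min = minimums[name];
    if (min && meta.version && cmp(meta.version, min) < 0) {
      stale.push({ path, name, version: meta.version, min });
    }
  }
  return stale;
}

// Constructed sample lockfile fragment (not taken from the PR): the
// top-level copies are patched, one nested picomatch copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example", version: "1.0.0" },
    "node_modules/tsup": { version: "8.0.0" },
    "node_modules/rollup": { version: "4.59.0" },
    "node_modules/picomatch": { version: "4.0.4" },
    "node_modules/tsup/node_modules/picomatch": { version: "2.3.1" },
  },
};

console.log(findStale(SAMPLE_LOCK));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findStale` and fail the CI job when the returned array is non-empty.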