From b6fd4c52b66baccd38aacde3940cf837a8cca574 Mon Sep 17 00:00:00 2001 From: Andriy Lysyuk Date: Thu, 16 Apr 2026 15:29:49 +0200 Subject: [PATCH] =?UTF-8?q?fix(security):=20bump=20follow-redirects=201.15?= =?UTF-8?q?.x=20=E2=86=92=201.16.0=20in=20examples/js=20(ENG-14502)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GHSA-r4q5-vmmm-2653 — follow-redirects leaks custom auth headers to cross-domain redirect targets. Fix: >=1.16.0. Added npm override in examples/js/package.json; transitive dep via axios. Co-Authored-By: Claude Sonnet 4.6 --- examples/js/package-lock.json | 6 +++--- examples/js/package.json | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json index a3942f1e..94e193ae 100644 --- a/examples/js/package-lock.json +++ b/examples/js/package-lock.json @@ -1410,9 +1410,9 @@ "license": "MIT" }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "funding": [ { "type": "individual", diff --git a/examples/js/package.json b/examples/js/package.json index 18fcb2f8..dd208ff4 100644 --- a/examples/js/package.json +++ b/examples/js/package.json @@ -26,6 +26,7 @@ "overrides": { "axios": "^1.15.0", "flatted": "^3.4.2", + "follow-redirects": "^1.16.0", "lodash": "^4.18.0", "minimatch": "^3.1.3" }