Skip to content

fix(ui): resolve 9 npm security vulnerabilities#917

Open
7y2v62s55s-maker wants to merge 1 commit into
ostris:mainfrom
7y2v62s55s-maker:fix/npm-security-vulnerabilities
Open

fix(ui): resolve 9 npm security vulnerabilities#917
7y2v62s55s-maker wants to merge 1 commit into
ostris:mainfrom
7y2v62s55s-maker:fix/npm-security-vulnerabilities

Conversation

@7y2v62s55s-maker

@7y2v62s55s-maker 7y2v62s55s-maker commented Jun 27, 2026

Copy link
Copy Markdown

What

Fix all 9 npm security vulnerabilities (2 low, 2 moderate, 5 high) in the UI dependencies.

Changes

Upgraded

  • sqlite3: 5.1.76.0.1
    • Fixes: @tootallnate/once, http-proxy-agent, make-fetch-happen, node-gyp, tar, cacache

Added Overrides (package.json)

  • dompurify@3.4.11 (via monaco-editor) — 15 XSS & prototype pollution fixes
  • postcss@8.5.10 (via next) — XSS via unescaped </style> fix

Verification

$ npm audit
found 0 vulnerabilities

- Upgrade sqlite3 from 5.1.7 to 6.0.1 (fixes @tootallnate/once, http-proxy-agent, make-fetch-happen, node-gyp, tar, cacache vulnerabilities)
- Add package overrides for dompurify@3.4.11 (via monaco-editor) - fixes 15 XSS and prototype pollution vulnerabilities
- Add package overrides for postcss@8.5.10 (via next) - fixes XSS via unescaped </style>

All 9 vulnerabilities (2 low, 2 moderate, 5 high) are now resolved with 0 remaining.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant