
Commit d4a39b9

fix(security): resolve Dependabot alert #5 for on-headers vulnerability
- Add npm override to force on-headers version ^1.1.0 to fix HTTP response header manipulation vulnerability
- Transitive dependency from serve@14.2.4 → compression@1.7.4 → on-headers@1.0.2 was vulnerable
- Override ensures all instances of on-headers use secure version 1.1.0 or later
- Verified with npm audit - no vulnerabilities found

Resolves: Dependabot alert #5
CVE: on-headers < 1.1.0 vulnerable to response header manipulation
Impact: Prevents inadvertent response header modification when array passed to response.writeHead()
1 parent 7e9dfa0 commit d4a39b9

2 files changed

+6
-3
lines changed

package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 3 additions & 0 deletions
@@ -64,6 +64,9 @@
6464
"sharp": "^0.33.1",
6565
"shelljs": "^0.8.5"
6666
},
67+
"overrides": {
68+
"on-headers": "^1.1.0"
69+
},
6770
"engines": {
6871
"node": ">=16.0.0",
6972
"npm": ">=8.0.0"

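Review bot: the `overrides` block added in this hunk is honored only by npm 8.3.0 and later, but the `engines` field that follows it still allows `"npm": ">=8.0.0"`, so an install with npm 8.0 through 8.2 would silently ignore the override and keep the vulnerable on-headers@1.0.2 that the commit message describes. Suggest tightening engines to `"npm": ">=8.3.0"`, and recording (in the commit message or a changelog entry, since package.json cannot carry comments) that the override exists only to cover serve@14.2.4 → compression@1.7.4 and can be removed once those dependencies require on-headers ^1.1.0 themselves; the package-lock.json change is not rendered here, so the resolved version should be confirmed from the lock file before merge.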