Skip to content

chore: bump h3 to ^1.15.6 via pnpm override#403

Merged
gregnazario merged 1 commit intomainfrom
cursor/h3-dependency-vulnerabilities-4686
Mar 20, 2026
Merged

chore: bump h3 to ^1.15.6 via pnpm override#403
gregnazario merged 1 commit intomainfrom
cursor/h3-dependency-vulnerabilities-4686

Conversation

@gregnazario
Copy link
Collaborator

@gregnazario gregnazario commented Mar 20, 2026

Summary

  • Add a pnpm.overrides entry for h3 set to ^1.15.6 so transitive dependencies resolve to a patched release (lockfile now resolves h3@1.15.9).
  • Addresses security advisories affecting older h3 versions.

Testing

  • pnpm install
  • pnpm lint
  • pnpm prepush / astro check (ran on push)
Open in Web Open in Cursor 

@cursoragent
chore: pin h3 to ^1.15.6 via pnpm override
c9013b5 
Forces transitive h3 to a patched release to address security advisories.
Copilot AI review requested due to automatic review settings March 20, 2026 02:56
@vercel
Copy link

vercel bot commented Mar 20, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
aptos-docs Ready Ready Preview, Comment Mar 20, 2026 2:59am

Request Review

Copilot AI reviewed Mar 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR mitigates security advisories by forcing transitive dependency resolution of h3 to a patched 1.15.x release using pnpm.overrides, updating the lockfile accordingly.

Changes:

  • Add pnpm.overrides.h3 = "^1.15.6" in package.json.
  • Update pnpm-lock.yaml to include the corresponding override and resolve h3 to 1.15.9 in the lockfile/snapshots.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Adds a pnpm override to ensure h3 resolves to a patched 1.15.x version across the dependency graph.
pnpm-lock.yaml Records the override and updates resolved h3 entries/snapshots to 1.15.9.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@gregnazario gregnazario merged commit 3933f14 into main Mar 20, 2026
11 checks passed
@gregnazario gregnazario deleted the cursor/h3-dependency-vulnerabilities-4686 branch March 20, 2026 03:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gregnazario @cursoragent