Skip to content

Commit 577f5d7

Browse files
tobyhedetobyhede
committed
fix(deps): use catalog for @clerk/nextjs to resolve GHSA-9qr9-h5gf-34mp
The @cipherstash/nextjs package had @clerk/nextjs pinned to 6.12.9, which pulled in next@15.5.6 as a transitive dependency. This version is vulnerable to GHSA-9qr9-h5gf-34mp. Changed to use catalog:security which resolves to @clerk/nextjs@6.31.2, ensuring next@15.5.9 is used consistently across the monorepo.
1 parent b378df0 commit 577f5d7

File tree

2 files changed

+1776
-1951
lines changed

2 files changed

+1776
-1951
lines changed

packages/nextjs/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@
3636
"release": "tsup"
3737
},
3838
"devDependencies": {
39-
"@clerk/nextjs": "6.12.9",
39+
"@clerk/nextjs": "catalog:security",
4040
"dotenv": "^16.4.7",
4141
"tsup": "catalog:repo",
4242
"typescript": "catalog:repo",

0 commit comments

Comments
 (0)