
Commit d1099c9

fix: fix devalue prototype pollution vulnerability (CVE-2025-57820)
- Update devalue from 5.1.1 to 5.3.2
- Address GitHub Dependabot security alert #40
- Use pnpm overrides to force the version
- Resolve the GHSA-vj54-72f3-p5jv vulnerability
1 parent 484a87b commit d1099c9


2 files changed: +11 -5 lines changed


2025/package.json

Lines changed: 4 additions & 1 deletion
@@ -52,6 +52,9 @@
5252
"onlyBuiltDependencies": [
5353
"esbuild",
5454
"sharp"
55-
]
55+
],
56+
"overrides": {
57+
"devalue": "^5.3.2"
58+
}
5659
}
5760
}
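
Review bot: the override added at new line 57, "devalue": "^5.3.2", is a caret range, so it sets a floor of 5.3.2 for every dependent of devalue in this project rather than pinning a single version, and it keeps replacing whatever range those dependents declare even after they ship their own fix. package.json cannot carry a comment, so record in the README or a tracking issue that this override exists for CVE-2025-57820 / GHSA-vj54-72f3-p5jv and should be removed once the packages that depend on devalue require 5.3.2 or later themselves. The pnpm-lock.yaml diff is not rendered on this page, so confirm the resolved version with pnpm why devalue before relying on the change.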

2025/pnpm-lock.yaml

Lines changed: 7 additions & 4 deletions
Some generated files are not rendered by default.
