fix(deps): override picomatch in desktop to fix ReDoS and method injection vulnerabilities
Adds pnpm override for picomatch >=4.0.4 in the desktop workspace since pnpm update alone did not resolve the transitive dependency.
This commit is contained in:
parent
98ac119f44
commit
d207de82ef
|
|
@ -66,7 +66,8 @@
|
|||
"overrides": {
|
||||
"minimatch": "^10.2.3",
|
||||
"tar": "^7.5.11",
|
||||
"@tootallnate/once": "^3.0.1"
|
||||
"@tootallnate/once": "^3.0.1",
|
||||
"picomatch": ">=4.0.4"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ overrides:
|
|||
minimatch: ^10.2.3
|
||||
tar: ^7.5.11
|
||||
'@tootallnate/once': ^3.0.1
|
||||
picomatch: '>=4.0.4'
|
||||
|
||||
importers:
|
||||
|
||||
|
|
@ -643,7 +644,7 @@ packages:
|
|||
resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
|
||||
engines: {node: '>=12.0.0'}
|
||||
peerDependencies:
|
||||
picomatch: ^3 || ^4
|
||||
picomatch: '>=4.0.4'
|
||||
peerDependenciesMeta:
|
||||
picomatch:
|
||||
optional: true
|
||||
|
|
@ -1150,8 +1151,8 @@ packages:
|
|||
pend@1.2.0:
|
||||
resolution: {integrity: sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==}
|
||||
|
||||
picomatch@4.0.3:
|
||||
resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
|
||||
picomatch@4.0.4:
|
||||
resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
|
||||
engines: {node: '>=12'}
|
||||
|
||||
plist@3.1.0:
|
||||
|
|
@ -2449,9 +2450,9 @@ snapshots:
|
|||
dependencies:
|
||||
pend: 1.2.0
|
||||
|
||||
fdir@6.5.0(picomatch@4.0.3):
|
||||
fdir@6.5.0(picomatch@4.0.4):
|
||||
optionalDependencies:
|
||||
picomatch: 4.0.3
|
||||
picomatch: 4.0.4
|
||||
|
||||
filelist@1.0.4:
|
||||
dependencies:
|
||||
|
|
@ -2982,7 +2983,7 @@ snapshots:
|
|||
|
||||
pend@1.2.0: {}
|
||||
|
||||
picomatch@4.0.3: {}
|
||||
picomatch@4.0.4: {}
|
||||
|
||||
plist@3.1.0:
|
||||
dependencies:
|
||||
|
|
@ -3310,8 +3311,8 @@ snapshots:
|
|||
|
||||
tinyglobby@0.2.15:
|
||||
dependencies:
|
||||
fdir: 6.5.0(picomatch@4.0.3)
|
||||
picomatch: 4.0.3
|
||||
fdir: 6.5.0(picomatch@4.0.4)
|
||||
picomatch: 4.0.4
|
||||
|
||||
tmp-promise@3.0.3:
|
||||
dependencies:
|
||||
|
|
|
|||
Loading…
Reference in New Issue