Commit 426945e
chore(deps): fix open Dependabot alert(s) - pin uuid to >=14.0.0 via override
Pin all transitive uuid dependencies to >=14.0.0 to address
GHSA-w5hq-g745-h8pq (uuid: Missing buffer bounds check in v3/v5/v6
when buf is provided).
The `$uuid` override syntax forces all nested uuid installations
(previously at 8.x, 9.x, 11.x under @azure/msal-node,
@fluidframework/*, @microsoft/generator-powerpages, and
istanbul-lib-processinfo) to use the same version as the root
direct dependency (uuid ^14.0.0 → 14.0.0).
Node.js v20.19.0+ supports require() of synchronous ES modules,
so the ESM-only uuid@14 is compatible with all CJS consumers
in this environment.

1 parent 03542f0 commit 426945e
2 files changed
Lines changed: 1 addition & 152 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1857 | 1857 | | |
1858 | 1858 | | |
1859 | 1859 | | |
| 1860 | + | |
1860 | 1861 | | |
1861 | 1862 | | |
1862 | 1863 | | |
| |||
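Review bot: The one added line (new line 1860) is the only addition in this commit, so nothing added here enforces the Node.js v20.19.0+ requirement that the message relies on for loading ESM-only uuid@14 from CJS consumers. If the manifest does not already declare a matching `engines.node` range, add one in this change, since on an older runtime those `require()` calls would fail at load time rather than at install time. The 152 deletions sit in a generated file that is not rendered, so also attach the output of `npm ls uuid` to show that no nested 8.x, 9.x or 11.x copy remains after the override.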