
fix(blockchain): add npm overrides to resolve security vulnerabilities#286

Merged
jumperck merged 1 commit into main from fix/blockchain-security-overrides, Jun 11, 2026

Conversation

@jumperck

Owner

Security Fix

Adds npm overrides to blockchain/package.json to resolve open Dependabot alerts for vulnerable transitive dependencies.

Changes

| Package | Vulnerable | Fixed | Severity |
|---|---|---|---|
| tmp | ^0.2.4 | >=0.2.7 | 🔴 High — Path Traversal |
| uuid | 3.x | >=9.0.1 | 🟠 Medium — Buffer bounds check |
| serialize-javascript | old | >=7.0.5 | 🟠 Medium — CPU Exhaustion DoS |

Verified

  • npm install --package-lock-only --legacy-peer-deps succeeds

Update blockchain/package.json to fix vulnerable transitive dependencies:
- tmp: override >=0.2.7 (fixes Path Traversal via unsanitized prefix/postfix)
- uuid: override >=9.0.1 (fixes missing buffer bounds check in v3/v5/v6)
- serialize-javascript: override >=7.0.5 (fixes CPU Exhaustion DoS)

All overrides verified via npm install --package-lock-only.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@jumperck jumperck merged commit 445a2bd into main Jun 11, 2026
3 of 4 checks passed
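An `npm install --package-lock-only` that succeeds only proves the override ranges are installable; it does not by itself show that every copy of a package, including nested ones under other dependencies, landed on a fixed version. The snippet below is an added example (not code from this PR or the repository) that encodes the three overrides from the table and walks a `package-lock.json` (lockfileVersion 2/3 `packages` map) to report any resolved copy still outside its range; the lockfile contents and the `some-tool` dependency are constructed for illustration.

```javascript
// The override ranges exactly as the PR adds them to blockchain/package.json.
const OVERRIDES = {
  tmp: ">=0.2.7",
  uuid: ">=9.0.1",
  "serialize-javascript": ">=7.0.5",
};

// Minimal handling for the ">=x.y.z" ranges used here (no `semver` dependency).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function satisfiesMin(version, range) {
  const min = parseVersion(range.replace(/^>=/, ""));
  const got = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (got[i] !== min[i]) return got[i] > min[i];
  }
  return true; // equal to the minimum is allowed by ">="
}

// Walk the lockfile "packages" map. The package name is the text after the
// last "node_modules/" in each key, so nested (deduped-away) copies are
// checked as well as top-level ones. Returns the list of offending entries.
function findViolations(lock, overrides = OVERRIDES) {
  const violations = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the root project entry ("")
    const name = key.slice(idx + "node_modules/".length);
    const range = overrides[name];
    if (range && !satisfiesMin(entry.version, range)) {
      violations.push({ path: key, version: entry.version, required: range });
    }
  }
  return violations;
}

// Constructed sample lockfile: the top-level copies resolved to the
// overrides, but a nested copy of tmp under a hypothetical "some-tool"
// dependency is still on the vulnerable line.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "blockchain", overrides: OVERRIDES },
    "node_modules/tmp": { version: "0.2.7" },
    "node_modules/uuid": { version: "9.0.1" },
    "node_modules/serialize-javascript": { version: "7.0.5" },
    "node_modules/some-tool": { version: "1.0.0" },
    "node_modules/some-tool/node_modules/tmp": { version: "0.2.4" },
  },
};

console.log(findViolations(SAMPLE_LOCK)); // one entry: the nested tmp 0.2.4
```

On a real checkout, replace `SAMPLE_LOCK` with the parsed contents of `blockchain/package-lock.json`; an empty result means every resolved copy is inside its override range.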
