fix(security): override shell-quote to ^1.8.4 (GHSA-w7jw-789q-3m8p) #118
dhairyashiil wants to merge 1 commit into
🤖 Devin AI Engineer
I'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
Deployment failed with the following error: View Documentation: https://vercel.com/docs/accounts/team-members-and-roles
Hey Dhairyashil, my apologies for reaching out here due to the unavailability of your other social media channels. I would greatly appreciate just 10 minutes of your time to discuss something significant regarding an SDE opportunity (not seeking referral). If possible, could you please share your email address where I could expect a response? Alternatively, I'd appreciate it if you could reach me directly at sde.avishkar@gmail.com, thereby opening the door for a private conversation. Thanking you in advance.
Summary
The Security Audit CI check fails on all PRs because `bun audit --prod --audit-level=critical` finds a critical vulnerability in `shell-quote` ≤1.8.3 (GHSA-w7jw-789q-3m8p: `quote()` does not escape newlines in object `.op` values). `shell-quote@1.8.3` is pulled in transitively by `react-native` (via `react-devtools-core`) and `wxt`. Since neither direct dependency has released a bump yet, this adds a package-level override to force resolution to `^1.8.4`:
"overrides": { "axios": "^1.15.0", + "shell-quote": "^1.8.4" }
Link to Devin session: https://app.devin.ai/sessions/6a050409a8de452c9a3d2ea19cddc243
Requested by: @dhairyashiil
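Review bot: The added `"shell-quote": "^1.8.4"` entry in `overrides` is a workaround with no recorded exit condition, and the hunk shown covers only the `overrides` block. Since the description says neither `react-native` (via `react-devtools-core`) nor `wxt` has released a bump yet, link a tracking issue for removing the override once they do, otherwise it will keep forcing resolution across the whole tree after it is no longer needed. Please also include the regenerated lockfile in this commit and confirm that `bun audit --prod --audit-level=critical` passes with it, because the caret range only sets a floor and the version actually installed is whatever the lockfile resolves.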