Commit 45cf252

antonis and claude authored
chore(deps): bump diff to ^5.2.2 (#5705)
Adds a yarn resolution to force diff to >=5.2.2, patching DoS vulnerabilities in parsePatch and applyPatch. Resolves both the 4.x (affected: >= 4.0.0, < 4.0.4) and 5.x (affected: >= 5.0.0, < 5.2.2) series by consolidating all consumers onto 5.2.2.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 7065cf7 commit 45cf252

2 files changed

+5
-11
lines changed

package.json

Lines changed: 1 addition & 0 deletions
@@ -65,6 +65,7 @@
6565
"qs": "^6.14.2",
6666
"lodash": "^4.17.23",
6767
"tar-fs": "^3.1.1",
68+
"diff": "^5.2.2",
6869
"tar": "^7.5.7"
6970
},
7071
"version": "0.0.0",
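
Review bot: The added `"diff": "^5.2.2"` entry is not scoped to a particular dependent, so it applies to every consumer of diff, including whichever package requested `diff@npm:^4.0.1` in yarn.lock, and that consumer is moved across a major version to 5.2.2. Please confirm that package still works against the 5.x API (its own tests, or a check of the functions it imports from diff). If it does not, the commit message gives `< 4.0.4` as the affected 4.x range, so a resolution scoped to that one dependent that keeps it on a patched 4.x release would be the narrower fix. Also note that the caret range lets a later lockfile refresh pick up any newer 5.x release, which is fine if that is intended.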

yarn.lock

Lines changed: 4 additions & 11 deletions
@@ -17677,17 +17677,10 @@ __metadata:
1767717677
languageName: node
1767817678
linkType: hard
1767917679

17680-
"diff@npm:5.2.0":
17681-
version: 5.2.0
17682-
resolution: "diff@npm:5.2.0"
17683-
checksum: 12b63ca9c36c72bafa3effa77121f0581b4015df18bc16bac1f8e263597735649f1a173c26f7eba17fb4162b073fee61788abe49610e6c70a2641fe1895443fd
17684-
languageName: node
17685-
linkType: hard
17686-
17687-
"diff@npm:^4.0.1":
17688-
version: 4.0.2
17689-
resolution: "diff@npm:4.0.2"
17690-
checksum: f2c09b0ce4e6b301c221addd83bf3f454c0bc00caa3dd837cf6c127d6edf7223aa2bbe3b688feea110b7f262adbfc845b757c44c8a9f8c0c5b15d8fa9ce9d20d
17680+
"diff@npm:^5.2.2":
17681+
version: 5.2.2
17682+
resolution: "diff@npm:5.2.2"
17683+
checksum: a1af5d6322ca6312279369665b5a9e6d54cd2aed42729a30523e174ccd14661a752bf10d75deec8763964cab3df3787fe816f88e9de7ee8fe774852007269d88
1769117684
languageName: node
1769217685
linkType: hard
1769317686
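
Review bot: The single `diff@npm:^5.2.2` entry replaces both `diff@npm:5.2.0` and `diff@npm:^4.0.1`, and the new `checksum:` value cannot be validated from the diff alone. Please confirm the lockfile was regenerated by yarn rather than edited by hand, and that CI installs with `yarn install --immutable` so any mismatch between package.json and yarn.lock fails the build. Running `yarn why diff` after the install is a quick way to show that no 4.x or 5.2.0 copy remains in the tree.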
