From 2208f74aec84d908130b58366a7a745a0c80b3c1 Mon Sep 17 00:00:00 2001 From: Mac Tichner Date: Mon, 20 Apr 2026 12:41:08 -0400 Subject: [PATCH] fix(deps): bump undici to ^6.24.0 via override (#2, #14, #15, #16, #17, #18) Fixes 6 vulnerabilities: WebSocket memory/exception issues, CRLF injection, 64-bit length overflow, HTTP smuggling, unbounded decompression. Transitive from discord.js and @discordjs/rest. Co-Authored-By: Claude Opus 4.6 (1M context) --- bun.lock | 3 ++- package.json | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/bun.lock b/bun.lock index 5038a3724a..646988ce34 100644 --- a/bun.lock +++ b/bun.lock @@ -227,6 +227,7 @@ "overrides": { "flatted": "^3.4.2", "test-exclude": "^7.0.1", + "undici": "^6.24.0", }, "packages": { "@antfu/ni": ["@antfu/ni@25.0.0", "", { "dependencies": { "ansis": "^4.0.0", "fzf": "^0.5.2", "package-manager-detector": "^1.3.0", "tinyexec": "^1.0.1" }, "bin": { "na": "bin/na.mjs", "ni": "bin/ni.mjs", "nr": "bin/nr.mjs", "nci": "bin/nci.mjs", "nlx": "bin/nlx.mjs", "nun": "bin/nun.mjs", "nup": "bin/nup.mjs" } }, "sha512-9q/yCljni37pkMr4sPrI3G4jqdIk074+iukc5aFJl7kmDCCsiJrbZ6zKxnES1Gwg+i9RcDZwvktl23puGslmvA=="], @@ -2321,7 +2322,7 @@ "uncrypto": ["uncrypto@0.1.3", "", {}, "sha512-Ql87qFHB3s/De2ClA9e0gsnS6zXG27SkTiSJwjCc9MebbfapQfuPzumMIUMi38ezPZVNFcHI9sUIepeQfw8J8Q=="], - "undici": ["undici@6.21.3", "", {}, "sha512-gBLkYIlEnSp8pFbT64yFgGE6UIB9tAkhukC23PmMDCe5Nd+cRqKxSjw5y54MK2AZMgZfJWMaNE4nYUHgi1XEOw=="], + "undici": ["undici@6.25.0", "", {}, "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg=="], "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="], diff --git a/package.json b/package.json index 63c06ae271..732b326ff4 100644 --- a/package.json +++ b/package.json 
@@ -47,7 +47,8 @@
 },
 "overrides": {
 "test-exclude": "^7.0.1",
- "flatted": "^3.4.2"
+ "flatted": "^3.4.2",
+ "undici": "^6.24.0"
 },
 "dependencies": {
 "@anthropic-ai/claude-agent-sdk": "^0.2.74"
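Review bot: The `"undici": "^6.24.0"` entry added under `"overrides"` applies to every package that resolves undici, not only discord.js and @discordjs/rest named in the description, and strict JSON leaves no place next to it to record why it exists. Any dependency that declares a different undici major would presumably be forced onto 6.x as well, so confirm the resolved tree after install and run CI with `bun install --frozen-lockfile` so that the 6.25.0 entry and its integrity hash in bun.lock are what actually get installed. An override also does not reach a runtime's built-in `fetch`, which does not load undici from node_modules; if any of the six fixes matter on that path, the runtime version needs a separate check. Record the removal condition (upstream requiring a patched undici itself) in the linked issues, because the override will otherwise outlive its reason.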