Commit ccd9add

dheeren-gaud and claude committed
LTS-4005: bump undici override 7.24.0 -> 7.28.0 (CVE GHSA-vmh5-mc38-953g)
Patches SOCKS5 ProxyAgent TLS bypass (CVSS 7.4). The repo's existing overrides block pinned cheerio's undici to ^7.24.0, narrower than cheerio's own ^7.19.0 range. Raising the override floor to ^7.28.0 forces npm to pick the patched version while keeping intent documented.

webdriver's nested undici stays on 6.x (not affected by the CVE; SOCKS5 support was introduced in undici 7.23.0).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 719e5cf commit ccd9add

2 files changed

Lines changed: 84 additions & 35 deletions
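
One way to confirm that an override like this took effect is to audit the lockfile for every installed undici copy. The script below is an added example, not code from this commit or repository; the affected range (7.23.0 up to, but not including, 7.28.0) is an assumption taken from the commit message, and the lockfile fragment is constructed.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) for undici
// copies that fall in the range the commit message describes as affected.
// Assumption from the commit message: SOCKS5 support arrived in 7.23.0 and
// the fix is in 7.28.0, so 6.x copies and >= 7.28.0 copies are not flagged.
const AFFECTED_FROM = [7, 23, 0];
const FIXED_IN = [7, 28, 0];

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Walk the lockfile "packages" map and report every installed undici copy,
// including nested ones such as node_modules/cheerio/node_modules/undici.
function auditUndici(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    const v = parseVersion(meta.version);
    const affected =
      compareVersions(v, AFFECTED_FROM) >= 0 && compareVersions(v, FIXED_IN) < 0;
    findings.push({ path, version: meta.version, affected });
  }
  return findings;
}

// Constructed sample lockfile fragment (not the repository's real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/cheerio/node_modules/undici": { version: "7.24.0" },
    "node_modules/webdriver/node_modules/undici": { version: "6.21.0" },
    "node_modules/undici-types": { version: "7.8.0" },
  },
};

for (const f of auditUndici(sampleLock)) {
  console.log(`${f.affected ? "AFFECTED" : "ok"}\t${f.version}\t${f.path}`);
}
```

In CI, the same function can read the real `package-lock.json` and fail the build when any finding has `affected` set.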
