Commit ccd9add
LTS-4005: bump undici override 7.24.0 -> 7.28.0 (CVE GHSA-vmh5-mc38-953g)
Patches SOCKS5 ProxyAgent TLS bypass (CVSS 7.4). The repo's existing
overrides block pinned cheerio's undici to ^7.24.0, narrower than
cheerio's own ^7.19.0 range. Raising the override floor to ^7.28.0
forces npm to pick the patched version while keeping intent documented.
webdriver's nested undici stays on 6.x (not affected by the CVE;
SOCKS5 support was introduced in undici 7.23.0).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 719e5cf commit ccd9add
2 files changed
Lines changed: 84 additions & 35 deletions
0 commit comments
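An override only helps if the lockfile actually resolved to it, so a post-merge check is to walk `package-lock.json` and flag every nested undici copy. The sketch below is an added example, not part of this commit or the repository; the window it flags (7.23.0 up to, but not including, 7.28.0) is an assumption taken from the two versions the commit message names, and the lockfile fragment is constructed.

```javascript
// Added example: audit the "packages" map of a package-lock.json
// (lockfileVersion 2/3) for undici copies inside the assumed window.
const AFFECTED_FROM = [7, 23, 0]; // SOCKS5 support introduced (per commit message)
const PATCHED_AT = [7, 28, 0];    // new override floor (per commit message)

function parseVersion(v) {
  // Drop prerelease/build suffixes; compare the numeric core only.
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10));
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function auditUndici(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, but not e.g. "undici-types".
    if (!/(^|\/)node_modules\/undici$/.test(path)) continue;
    if (!meta || typeof meta.version !== 'string') continue;
    const v = parseVersion(meta.version);
    const affected =
      compare(v, AFFECTED_FROM) >= 0 && compare(v, PATCHED_AT) < 0;
    findings.push({ path, version: meta.version, affected });
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from the repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app' },
    'node_modules/cheerio/node_modules/undici': { version: '7.24.0' },
    'node_modules/webdriver/node_modules/undici': { version: '6.21.0' },
    'node_modules/undici-types': { version: '7.8.0' },
  },
};

for (const f of auditUndici(sampleLock)) {
  console.log(`${f.affected ? 'AFFECTED' : 'ok'}\t${f.path}\t${f.version}`);
}
```

To run it against a real tree, pass the parsed contents of the project's `package-lock.json` to `auditUndici` in place of `sampleLock` and fail CI when any finding has `affected: true`.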