#36 CRITICAL: add .max(128) to all password Zod schemas to prevent Argon2-based DoS from unbounded password strings. #46 HIGH: configure pino redact paths so passwords/tokens/cookies/TOTP secrets are never serialized in logs. #58 MEDIUM: upgrade dompurify to ^3.4.0 and add pnpm overrides for brace-expansion (>=5.0.5) and esbuild (>=0.25.0) to patch known CVEs. Vite moderate (path traversal, dev-only) remains — requires vitest 3.x major upgrade, deferred. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -31,7 +31,7 @@
|
||||
"@trpc/server": "^11.0.0",
|
||||
"@types/qrcode": "^1.5.6",
|
||||
"clsx": "^2.1.1",
|
||||
"dompurify": "^3.3.3",
|
||||
"dompurify": "^3.4.0",
|
||||
"exceljs": "^4.4.0",
|
||||
"framer-motion": "^12.38.0",
|
||||
"next": "^15.5.15",
|
||||
|
||||
Reference in New Issue
Block a user