#36 CRITICAL: add .max(128) to all password Zod schemas to prevent Argon2-based DoS from unbounded password strings. #46 HIGH: configure pino redact paths so passwords/tokens/cookies/TOTP secrets are never serialized in logs. #58 MEDIUM: upgrade dompurify to ^3.4.0 and add pnpm overrides for brace-expansion (>=5.0.5) and esbuild (>=0.25.0) to patch known CVEs. Vite moderate (path traversal, dev-only) remains — requires vitest 3.x major upgrade, deferred. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+3
-1
@@ -55,7 +55,9 @@
|
||||
"overrides": {
|
||||
"flatted": "^3.4.2",
|
||||
"picomatch": "^4.0.4",
|
||||
"lodash-es": "^4.18.0"
|
||||
"lodash-es": "^4.18.0",
|
||||
"brace-expansion": "^5.0.5",
|
||||
"esbuild@<0.25.0": ">=0.25.0"
|
||||
}
|
||||
},
|
||||
"packageManager": "pnpm@9.14.2",
|
||||
|
||||
Reference in New Issue
Block a user