chore(security): resolve pnpm audit vulnerabilities (1 critical, 3 moderate)#387
Resolve all 4 vulnerabilities reported by `pnpm audit`. After these changes `pnpm audit` reports no known vulnerabilities, and typecheck, the full test suite (2200 tests), and the package builds all pass.

- vitest (CRITICAL, GHSA-5xrq-8626-4rwp): bump root devDependency vitest and @vitest/coverage-v8 4.0.5 -> 4.1.8. Vitest UI server could read/execute arbitrary files; fixed in >=4.1.0. These are directly declared (not transitive) so they are bumped in place rather than via an override, and must move in lockstep. 4.0->4.1 is an additive minor (the breaking restoreAllMocks/poolOptions changes landed in 4.0.0, already in use); the bump also resolves a latent vite 8 peer mismatch.
- ws (MODERATE, GHSA-58qx-3vcg-4xpx): uninitialized memory disclosure in websocket.close(), fixed in >=8.20.1. Bump the runtime-core declared range ^8.18.0 -> ^8.20.1 (published package, makes the floor explicit) and add a `ws: ">=8.20.1"` override to also cover the transitive @jupyterlab/services > ws edge. Resolves to 8.21.0.
- qs (MODERATE, GHSA-q8mj-m7cp-5q26): remotely triggerable DoS in qs.stringify, fixed in >=6.15.2. Add override `qs: ">=6.15.2"` (transitive via packages/mcp > @modelcontextprotocol/sdk > express). express@5.2.1 declares qs ^6.14.0, which 6.15.2 satisfies. Resolves to 6.15.2.
- brace-expansion (MODERATE, GHSA-jxxr-4gwj-5jf2): large numeric range defeats the documented `max` DoS protection, fixed in >=5.0.6. Bump the existing override >=5.0.5 -> >=5.0.6 (transitive via license-checker-rseidelsohn). The separate @isaacs/brace-expansion override is left unchanged: it is a different fork covered by a different, already-patched advisory and is not installed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Codecov Report: ✅ All modified and coverable lines are covered by tests.

Coverage Diff:

```
@@           Coverage Diff            @@
##             main     #387    +/-   ##
==========================================
+ Coverage   82.24%   83.35%   +1.10%
==========================================
  Files         144      145       +1
  Lines        5868     7988    +2120
  Branches     1096     2158    +1062
==========================================
+ Hits         4826     6658    +1832
- Misses       1042     1329     +287
- Partials        0        1       +1
```
Resolve 4 moderate pnpm audit vulnerabilities in hono (transitive via packages/mcp > @modelcontextprotocol/sdk > hono), all fixed in 4.12.21:

- GHSA-xrhx-7g5j-rcj5 (CVE-2026-47674, CVSS 5.3): ip-restriction middleware bypasses static deny rules for non-canonical IPv6.
- GHSA-3hrh-pfw6-9m5x (CVE-2026-47675, CVSS 4.3): cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection.
- GHSA-f577-qrjj-4474 (CVE-2026-47673, CVSS 4.8): jwt/jwk middleware accepts any Authorization scheme, not only Bearer.
- GHSA-2gcr-mfcq-wcc3 (CVE-2026-47676, CVSS 5.3): app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths.

Bump the existing pnpm.overrides floor for hono >=4.12.18 -> >=4.12.21 following the established convention in this repo (see #387, #368, #307, #295, #292). pnpm install resolves hono to 4.12.23. After this change `pnpm audit` reports no known vulnerabilities. `pnpm typecheck`, `pnpm test` (2242 tests), and `pnpm prettier:check` all pass.
Summary

Resolves all 4 vulnerabilities reported by `pnpm audit` (1 critical, 3 moderate). Each finding was researched independently to confirm the dependency could be updated, verify the patched version exists, and check for breaking changes. Following the convention established in #376, transitive deps are pinned via `pnpm.overrides`; directly-declared deps are bumped in place.

After these changes:

- `pnpm audit` → No known vulnerabilities found
- `pnpm typecheck` → passes
- `pnpm test` → 2200 tests / 127 files pass
- `pnpm build` → all packages build

Findings

vitest 4.0.5 → 4.1.8 (critical)

Vitest UI server could read/execute arbitrary files when listening; fixed in `>=4.1.0`. `vitest` and `@vitest/coverage-v8` are directly-declared, pinned devDependencies, so they are bumped in place (not via an override) and move in lockstep (coverage peer-requires the exact vitest version). `4.0 → 4.1` is an additive minor — the breaking `restoreAllMocks`/`poolOptions` changes landed in the `4.0.0` major, which the repo already runs. The bump also resolves a latent vite 8 peer mismatch (4.1.x widens the vite peer range to include `^8`). This repo runs `vitest run` without `--ui`/`--api`, so real-world exposure was low, but the bump cleanly eliminates the advisory.

ws 8.19.0 → 8.21.0 (moderate)

Uninitialized memory disclosure in `websocket.close()` when passing a `TypedArray` reason; fixed in `>=8.20.1`. `ws` appears at two edges — `runtime-core`'s direct dep and a transitive `@jupyterlab/services > ws`. The `runtime-core` declared range is bumped `^8.18.0 → ^8.20.1` (it's a published package, so this makes the security floor explicit downstream) and a `ws: ">=8.20.1"` override is added to unconditionally cover the transitive edge. No `ws` API is imported directly in source — it's the WebSocket impl consumed by `@jupyterlab/services` — so no behavior change.

qs 6.14.2 → 6.15.2 (moderate)

Remotely-triggerable DoS: `qs.stringify` crashes on null/undefined entries in comma-format arrays with `encodeValuesOnly`; fixed in `>=6.15.2`. Transitive via `packages/mcp > @modelcontextprotocol/sdk > express > qs`. `express@5.2.1` is already the latest express and declares `qs: ^6.14.0` (which `6.15.2` satisfies), so an override is the correct fix. `6.14 → 6.15` is a non-breaking minor (one opt-in `strictMerge` option + fixes).

brace-expansion 5.0.5 → 5.0.6 (moderate)

A large numeric range defeats the documented `max` DoS protection; fixed in `>=5.0.6`. Transitive via `license-checker-rseidelsohn > … > minimatch`. The existing override is bumped `>=5.0.5 → >=5.0.6`; the fix is an internal loop guard with no API change. The separate `@isaacs/brace-expansion` override is left unchanged — it's a different fork covered by a different, already-patched advisory (`<=5.0.0`, patched `5.0.1`) and is not actually installed.

🤖 Generated with Claude Code
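The PR description verifies each override by hand (does the resolved version meet the floor, and does that version still satisfy the consumer's declared caret range, as with express's `qs: ^6.14.0`). The following is an added example, not code from the PR or the project, that automates those two checks; the override floors are the ones named in the PR, while the resolved-version data is constructed and the declared ranges for ws and brace-expansion are assumptions.

```javascript
// Added example, not code from the PR or the project. It automates the two
// checks the PR description does by hand for each override: (1) the resolved
// version meets the pnpm.overrides floor, and (2) that version still falls
// inside the caret range the consuming package declares, so the override is a
// legitimate resolution rather than a forced out-of-range pin.
// RESOLVED is a constructed stand-in for `pnpm list --json` output; only the
// express range (^6.14.0) is stated in the PR, the other two are assumptions.
const OVERRIDES = {
  ws: ">=8.20.1",
  qs: ">=6.15.2",
  "brace-expansion": ">=5.0.6",
};
const RESOLVED = {
  ws: { version: "8.21.0", consumer: "@jupyterlab/services", declared: "^8.0.0" }, // assumed range
  qs: { version: "6.15.2", consumer: "express@5.2.1", declared: "^6.14.0" },        // from the PR
  "brace-expansion": { version: "5.0.6", consumer: "minimatch", declared: "^5.0.0" }, // assumed range
};

// Parse "x.y.z" (optionally prefixed by ^, ~, >= etc.) into a numeric triple.
function parseVersion(spec) {
  return spec.replace(/^[\^~>=<]+/, "").split(".").map(Number);
}

// Lexicographic compare on the three numeric components.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Caret semantics for major > 0 (true of every package here): >=x.y.z, <(x+1).0.0.
function satisfiesCaret(version, caretRange) {
  const v = parseVersion(version), r = parseVersion(caretRange);
  return v[0] === r[0] && compareVersions(v, r) >= 0;
}

// Returns human-readable problems; an empty list means every override floor
// took effect and the resolved version stays within its consumer's range.
function checkOverrides(overrides, resolved) {
  const problems = [];
  for (const [name, floorRange] of Object.entries(overrides)) {
    const entry = resolved[name];
    if (!entry) { problems.push(`${name}: override declared but package not installed`); continue; }
    if (compareVersions(parseVersion(entry.version), parseVersion(floorRange)) < 0)
      problems.push(`${name}: resolved ${entry.version} is below floor ${floorRange}`);
    if (!satisfiesCaret(entry.version, entry.declared))
      problems.push(`${name}: resolved ${entry.version} is outside ${entry.consumer}'s declared ${entry.declared}`);
  }
  return problems;
}
```

Run it after `pnpm install` with the real lockfile data substituted for RESOLVED; a non-empty list means an override did not take effect or forced a version outside what its consumer tested against.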