fix(security): update fast-xml-parser override to >=5.3.4 (Dependabot #270)

Fix RangeError DoS vulnerability in fast-xml-parser numeric entities.
Affected versions: >= 4.3.6, <= 5.3.3
Patched version: 5.3.4

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Matti Nannt
2026-02-02 16:29:18 +01:00
parent 1224325e61
commit 9c6c59e16c
2 changed files with 9 additions and 9 deletions
+2 -2
@@ -91,10 +91,10 @@
"typeorm": ">=0.3.26",
"systeminformation": "5.27.14",
"qs": ">=6.14.1",
"fast-xml-parser": ">=5.2.5"
"fast-xml-parser": ">=5.3.4"
},
"comments": {
"overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | systeminformation (Dependabot #241) - awaiting @opentelemetry/host-metrics update | qs (Dependabot #245) - awaiting googleapis-common and stripe updates | fast-xml-parser - awaiting @boxyhq/saml-jackson update"
"overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | systeminformation (Dependabot #241) - awaiting @opentelemetry/host-metrics update | qs (Dependabot #245) - awaiting googleapis-common and stripe updates | fast-xml-parser (Dependabot #270) - awaiting @boxyhq/saml-jackson update"
},
"patchedDependencies": {
"next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
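Review bot: The new override `"fast-xml-parser": ">=5.3.4"` has no upper bound, so only the lockfile keeps transitive consumers on 5.3.4. Any later re-resolution may select a newer release, including a future major that dependents such as @aws-sdk/xml-builder (visible in the lockfile section) were not built against. A bounded range keeps the fix while limiting that drift, for example `"fast-xml-parser": "^5.3.4"`. The neighbouring `typeorm` and `qs` overrides use the same open-ended form. The `comments.overrides` entry could also record the affected range from the commit message (>= 4.3.6, <= 5.3.3), so it is clear which upstream update makes the override removable.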
+7 -7
@@ -12,7 +12,7 @@ overrides:
typeorm: '>=0.3.26'
systeminformation: 5.27.14
qs: '>=6.14.1'
fast-xml-parser: '>=5.2.5'
fast-xml-parser: '>=5.3.4'
patchedDependencies:
next-auth@4.24.12:
@@ -7443,8 +7443,8 @@ packages:
fast-uri@3.1.0:
resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
fast-xml-parser@5.2.5:
resolution: {integrity: sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==}
fast-xml-parser@5.3.4:
resolution: {integrity: sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==}
hasBin: true
fastest-stable-stringify@2.0.2:
@@ -11678,7 +11678,7 @@ snapshots:
'@smithy/smithy-client': 4.10.2
'@smithy/types': 4.11.0
'@smithy/util-middleware': 4.2.7
fast-xml-parser: 5.2.5
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws-sdk/core@3.957.0':
@@ -12578,13 +12578,13 @@ snapshots:
'@aws-sdk/xml-builder@3.957.0':
dependencies:
'@smithy/types': 4.11.0
fast-xml-parser: 5.2.5
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws-sdk/xml-builder@3.969.0':
dependencies:
'@smithy/types': 4.12.0
fast-xml-parser: 5.2.5
fast-xml-parser: 5.3.4
tslib: 2.8.1
'@aws/lambda-invoke-store@0.2.2': {}
@@ -19532,7 +19532,7 @@ snapshots:
fast-uri@3.1.0: {}
fast-xml-parser@5.2.5:
fast-xml-parser@5.3.4:
dependencies:
strnum: 2.1.2