pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-06-14 18:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: resolve critical fast-xml-parser vulnerability and block deploy on audit

Browse Source 
- Override fast-xml-parser to ^5.3.6 (fixes CVE-2026-25896, CVE-2026-26278, CVE-2026-25128)
- Add security-audit to deploy job dependencies in quality-gate workflow
This commit is contained in:
Kurdistan Tech Ministry
2026-02-23 18:23:55 +03:00
parent b9024cb034
commit 350b65dec3
3 changed files with 2071 additions and 1458 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/quality-gate.yml
+1 -1
View File
@@ -117,7 +117,7 @@ jobs:
deploy: deploy:
name: Deploy Web name: Deploy Web
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [web, mobile] needs: [web, mobile, security-audit]
if: github.ref == 'refs/heads/main' && github.event_name == 'push' if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps: steps:
mobile/package-lock.json
Generated
+2068 -1456
View File
File diff suppressed because it is too large Load Diff
mobile/package.json
+2 -1
View File
@@ -95,7 +95,8 @@
"@pezkuwi/keyring": "^14.0.25", "@pezkuwi/keyring": "^14.0.25",
"@pezkuwi/util": "^14.0.25", "@pezkuwi/util": "^14.0.25",
"@pezkuwi/util-crypto": "^14.0.25", "@pezkuwi/util-crypto": "^14.0.25",
"@isaacs/brace-expansion": "5.0.1" "@isaacs/brace-expansion": "5.0.1",
"fast-xml-parser": "^5.3.6"
}, },
"devDependencies": { "devDependencies": {
"@babel/plugin-transform-class-static-block": "^7.28.6", "@babel/plugin-transform-class-static-block": "^7.28.6",