Commit 1af79f2

Merge pull request #522 from reown-com/fix-security-vulnerabilities
Fix high-severity security vulnerabilities via package resolutions
2 parents 56e1c81 + 64982b0 commit 1af79f2

5 files changed: +1168 -243 lines changed

Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
---
2+
'@reown/appkit-react-native': patch
3+
'@reown/appkit-common-react-native': patch
4+
'@reown/appkit-bitcoin-react-native': patch
5+
'@reown/appkit-coinbase-react-native': patch
6+
'@reown/appkit-core-react-native': patch
7+
'@reown/appkit-ethers-react-native': patch
8+
'@reown/appkit-solana-react-native': patch
9+
'@reown/appkit-ui-react-native': patch
10+
'@reown/appkit-wagmi-react-native': patch
11+
---
12+
13+
fix: resolve high-severity security vulnerabilities in transitive dependencies
14+
15+
Patched 9 vulnerable packages via resolutions/overrides:
16+
- h3 1.15.5 (Request Smuggling)
17+
- tar 7.5.6 (Race Condition, Arbitrary File Overwrite)
18+
- node-forge 1.3.2 (ASN.1 vulnerabilities)
19+
- qs 6.14.1 (arrayLimit DoS)
20+
- undici 6.23.0 (Decompression DoS)
21+
- preact 10.28.2 (VNode Injection)
22+
- js-yaml 3.14.2 (Prototype Pollution)
23+
- valibot 1.2.0 (CVE-2025-66020 EMOJI_REGEX ReDoS)
24+
- hono 4.11.4 (JWT Algorithm Confusion)
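
Review bot: the note body (new-file lines 13 to 24) says the nine packages were patched "via resolutions/overrides", while the front matter (lines 2 to 10) issues a patch release for all nine published @reown packages; package managers honour resolutions and overrides only in the root project where the install runs, so an app that installs these packages does not inherit the pins. Suggest stating in the note that the fix applies to this repository's own install and lockfile, and, where a listed package is pulled in through a published package's dependencies, raising the dependency range in that package's package.json so consumers resolve the fixed version too. Separately, only the valibot line names an advisory (CVE-2025-66020); adding the advisory id to the other eight entries would let readers check each pinned version against the issue it is meant to close.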
